An Analysis of the iKeeB (duh) iPhone botnet (Worm)

From Botnets.fr
Jump to navigation Jump to search

(Publication) Link to the old Wiki page : [1] / Google search: [2]

An Analysis of the iKeeB (duh) iPhone botnet (Worm)
Ikeeb-lock.jpg
Botnet
Malware IKee.B
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2009 / 21 décembre 2009
Editor/Conference SRI International
Link http://mtc.sri.com/iPhone/ (Archive copy)
Author Philip Porras, Hassen Saidi, Vinod Yegneswaran
Type

Abstract

We present an analysis of the iKee.B (duh) Apple iPhone bot client, captured on 25 November 2009. The bot client was released throughout several countries in Europe, with the initial purpose of coordinating its infected iPhones via a Lithuanian botnet server. This report details the logic and function of iKee's scripts, its configuration files, and its two binary executables, which we have reverse engineered to an approximation of their C source code implementation. The iKee bot is one of the latest offerings in smartphone malware, in this case targeting jailbroken iPhones. While its implementation is simple in comparison to the latest generation of PC-based malware, its implications demonstrate the potential extension of crimeware to this valuable new frontier of handheld consumer devices.

Bibtex

 @misc{Porras2009BFR830,
   editor = {SRI International},
   author = {Philip Porras, Hassen Saidi, Vinod Yegneswaran},
   title = {An Analysis of the iKeeB (duh) iPhone botnet (Worm)},
   date = {Error: Invalid time.},
   month = Error: Invalid time.,
   year = {2009},
   howpublished = {\url{http://mtc.sri.com/iPhone/}},
 }