An Analysis of the iKee.B iPhone Botnet

  • Conference paper

Abstract

We present an analysis of the iKee.B (duh) Apple iPhone bot client, captured on November 25, 2009. The bot client was released throughout several countries in Europe, with the initial purpose of coordinating its infected iPhones via a Lithuanian botnet server. This report details the logic and function of iKee’s scripts, its configuration files, and its two binary executables, which we have reverse engineered to an approximation of their C source code implementation. The iKee bot is one of the latest offerings in smartphone malware, in this case targeting jailbroken iPhones. While its implementation is simple in comparison to the latest generation of PC-based malware, its implications demonstrate the potential extension of crimeware to this valuable new frontier of handheld consumer devices.

Copyright information

© 2010 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Porras, P., Saïdi, H., Yegneswaran, V. (2010). An Analysis of the iKee.B iPhone Botnet. In: Schmidt, A.U., Russello, G., Lioy, A., Prasad, N.R., Lian, S. (eds) Security and Privacy in Mobile Information and Communication Systems. MobiSec 2010. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 47. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17502-2_12

  • DOI: https://doi.org/10.1007/978-3-642-17502-2_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-17501-5

  • Online ISBN: 978-3-642-17502-2

  • eBook Packages: Computer Science, Computer Science (R0)
