Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

iPhone Botnet Analysis

Published: 2009-12-21
Last Updated: 2009-12-21 19:38:29 UTC
by Marcus Sachs (Version: 1)
3 comment(s)

SRI's Malware Threat Center has published an excellent analysis of the iPhone botnet that we covered in a diary a few weeks ago.  Here is the abstract:

We present an analysis of the iKee.B (duh) Apple iPhone bot client, captured on 25 November 2009.  The bot client was released throughout several countries in Europe, with the initial purpose of coordinating its infected iPhones via a Lithuanian botnet server.   This report details the logic and function of iKee's scripts, its configuration files, and its two binary executables, which we have reverse engineered to an approximation of their C source code implementation.    The iKee bot is one of the latest offerings in smartphone malware, in this case targeting jailbroken iPhones.  While its implementation is simple in comparison to the latest generation of PC-based malware, its implications demonstrate the potential extension of crimeware to this valuable new frontier of handheld consumer devices.

Thanks to Phil Porras and the MTC team for all of their great work!

Marcus H. Sachs
Director, SANS Internet Storm Center

Keywords: botnet ikee iPhone
3 comment(s)
Diary Archives