(Reuters) - Hackers have built a virus that attacks Apple Inc's iPhone by secretly taking control of the devices via their Internet connections, security experts said.
The virus has been detected in the Netherlands and can only attack iPhones whose users have disabled some pre-installed security features, according to analysts monitoring the progress of the virus.
The hackers are trying to use the virus to obtain passwords to banking sites, according to Graham Cluley, a researcher with anti-virus software maker Sophos. When an iPhone user tries to access a bank website, the Duh Worm directs the browser to a look-a-like site controlled by the hackers, Cluley said.
A spokeswoman for ING Group said the Dutch banking giant discovered a criminal network that attempted to steal banking credentials via hacked iPhones. Dutch clients of ING have been targeted, but there was no indication that clients outside the Netherlands have to worry, she said.
ING has not received any reports from clients that their credentials have been lost, but the bank was monitoring client accounts for suspicious transactions, the spokeswoman said.
The only iPhones that are vulnerable to the Duh Worm are "jail broken" phones, where users disable key Apple security features to get around the terms of usage agreement that they are designed to enforce, analysts said.
For example, Apple prevents users from switching service providers to unauthorized carriers and limits users to the approximately 100,000 programs that the company has vetted for installation on the device. There are thousands of unauthorized programs covering areas including Internet phone calls, WiFi access and pornography.
"The vast majority of customers do not jailbreak their iPhones, and for good reason. These hacks not only violate the warranty, they will also cause the iPhone to become unstable and not work reliably," said Apple spokeswoman Natalie Harrison.
Three independent security experts said that it is best for iPhone users not to jail break their devices because the security risks are greater than the benefits.
"They're leaving their back door open. Every one else knows what the key is to open that door," Cluley said.
The ING spokeswoman said: "People who use their iPhones in a regular way have nothing to fear."
The case, which was widely reported by security experts on Monday, is the first in which iPhones have been recruited into a "botnet," or army of infected devices that hackers can control from a central "command and control center."
Early this year an unknown criminal gang built a botnet with millions of PCs using a worm known as Conficker. Security researchers feared that it might wreak havoc on April 1 based on code in the worm's software, but that date passed with little fanfare.
Since then, security researchers say that a limited number of Conficker-infected PCs have been used to spread spam, sell fake anti-virus software and perpetrate identity theft.
Mikko Hypponen, an expert on Conficker and chief research officer for security software maker F-Secure, said that Duh could spread from the Netherlands to other countries.
Like the authors of Conficker, the hackers who wrote Duh are motivated to spread the worm because they too are looking for a payoff from their work, he said.
"It's clearly written to make money. That's a first on the mobile side," Hypponen said.
To be sure, iPhones that have not been jail broken face their own security challenges. Yet so far Apple has been able to stay ahead of the hackers.
In July the company issued a software patch to fix a critical bug uncovered by two researchers that made the device susceptible to secret attacks using the SMS system, which mobile devices use to send text messages.
Apple shares rose 3 percent on Monday to $205.88 on the Nasdaq.
(Additional reporting by Harro ten Wolde in Amsterdam; Editing by Phil Berlowitz and Steve Orlofsky)
Feb 4th 5:34 PMFinding Myself My Own New Adventure - So this is my last column with Channel Insider. After selling my MSP, Ive take... http://t.co/XGWd1Ryl
Feb 2nd 5:39 PMLevel Platforms to Offer Mobile Device Management - Answering the call of so many MSPs, Level Platforms is expanding... http://t.co/hsqwAFxN
Feb 2nd 3:45 PM10 Key Ingredients That Have Made Apple So Successful - Apple is one profitable company. The firm announced recently... http://t.co/ipuOvDig
Feb 2nd 1:55 PMChannelEyes: Will It Transform the Channel? - If the 2000 decade was about automation for the IT services channel, t... http://t.co/SrvhN2xG
Feb 1st 11:45 AMIBM Expands Mobility Management, Security - IBM has unveiled a solution to mitigate the risk that comes with a bring... http://t.co/VcyVQ4HA
Feb 1st 5:43 AMXerox Expands Cloud Services, Data Recovery for SMBs - The cloud backup and data recovery services are designed to p... http://t.co/DloBWniQ
Jan 31st 1:45 PM10 Reasons RIM`s New CEO Won`t Fix the Company - Research In Motion, at long last, has a new CEO in Thorsten Heins. ... http://t.co/JGo2Z9ar
Start the New Year with business intelligence—it’s a smart move
Join us on February 1 for an encore rebroadcast at either 5 am or 12 noon EST and discover how business intelligence (BI) supports companies in uncertain business and economic climates. Get expert advice on how to create a strategy that fits your organization's needs and budget and see how quickly it can pay for itself. Click Here