* Affects iPhones whose users disabled security features
* Impact limited to small percentage of iPhones
* Researchers have only detected virus in Netherlands
* ING says some of its clients’ credentials were targeted
* Experts urge iPhone users not to tamper with software (Adds comments from ING spokeswoman)
By Jim Finkle
BOSTON, Nov 23 (Reuters) - Hackers have built a virus that attacks Apple Inc’s (AAPL.O) iPhone by secretly taking control of the devices via their Internet connections, security experts said.
The virus has been detected in the Netherlands and can only attack iPhones whose users have disabled some pre-installed security features, according to analysts monitoring the progress of the virus.
The hackers are trying to use the virus to obtain passwords to banking sites, according to Graham Cluley, a researcher with anti-virus software maker Sophos. When an iPhone user tries to access a bank website, the Duh Worm directs the browser to a look-a-like site controlled by the hackers, Cluley said.
A spokeswoman for ING Group ING.AS said the Dutch banking giant discovered a criminal network that attempted to steal banking credentials via hacked iPhones. Dutch clients of ING have been targeted, but there was no indication that clients outside the Netherlands have to worry, she said.
ING has not received any reports from clients that their credentials have been lost, but the bank was monitoring client accounts for suspicious transactions, the spokeswoman said.
The only iPhones that are vulnerable to the Duh Worm are “jail broken” phones, where users disable key Apple security features to get around the terms of usage agreement that they are designed to enforce, analysts said.
For example, Apple prevents users from switching service providers to unauthorized carriers and limits users to the approximately 100,000 programs that the company has vetted for installation on the device. There are thousands of unauthorized programs covering areas including Internet phone calls, WiFi access and pornography.
“The vast majority of customers do not jailbreak their iPhones, and for good reason. These hacks not only violate the warranty, they will also cause the iPhone to become unstable and not work reliably,” said Apple spokeswoman Natalie Harrison.
Three independent security experts said that it is best for iPhone users not to jail break their devices because the security risks are greater than the benefits.
“They’re leaving their back door open. Every one else knows what the key is to open that door,” Cluley said.
The ING spokeswoman said: “People who use their iPhones in a regular way have nothing to fear.”
The case, which was widely reported by security experts on Monday, is the first in which iPhones have been recruited into a “botnet,” or army of infected devices that hackers can control from a central “command and control center.”
Early this year an unknown criminal gang built a botnet with millions of PCs using a worm known as Conficker. Security researchers feared that it might wreak havoc on April 1 based on code in the worm’s software, but that date passed with little fanfare.
Since then, security researchers say that a limited number of Conficker-infected PCs have been used to spread spam, sell fake anti-virus software and perpetrate identity theft.
Mikko Hypponen, an expert on Conficker and chief research officer for security software maker F-Secure, said that Duh could spread from the Netherlands to other countries.
Like the authors of Conficker, the hackers who wrote Duh are motivated to spread the worm because they too are looking for a payoff from their work, he said.
“It’s clearly written to make money. That’s a first on the mobile side,” Hypponen said.
To be sure, iPhones that have not been jail broken face their own security challenges. Yet so far Apple has been able to stay ahead of the hackers.
In July the company issued a software patch to fix a critical bug uncovered by two researchers that made the device susceptible to secret attacks using the SMS system, which mobile devices use to send text messages.
Apple shares rose 3 percent on Monday to $205.88 on the Nasdaq. (Additional reporting by Harro ten Wolde in Amsterdam; Editing by Phil Berlowitz and Steve Orlofsky) ((firstname.lastname@example.org; + 1 617 856 4344; Reuters Messaging: email@example.com))