Worm ALERT for Jailbroken iPhones and iTouch

Written by AdminWeb

Monday, 23 November 2009 10:52

".... guessed we would see a dangerous incarnation of worm for the iPhone within a week of the 5 Euro scam that Graham blogged about on November 3rd. Fortunately my predictions were wrong, and we made it almost 3 weeks before someone succumbed to the temptation to take advantage of the vulnerability in jailbroken iPhones.

A Dutch ISP has reported unusual amounts of data traffic related to the worm, which was the first indication that something was wrong. Slashdot posted a link to a translation of a Dutch security blog post with more details.

This worm, like the others, only attacks jailbroken iPhone and iPod Touch devices. There are some significant differences from the 5 Euro scam, the most notable of which is that this worm uses command-and-control like a traditional PC botnet. It configures two startup scripts, one to execute the worm on boot-up, and the other to create a connection to a Lithuanian server (HTTP) to upload stolen data and cede control to the bot master. Security.nl also says that the worm changes the root password from the default of "alpine" that Apple set in the factory firmware, making it more difficult for users to secure their devices.

The recommended method to remove this malware from your iPhone is to restore the Apple factory firmware using iTunes."
