Second virus for iPhone surfaces - worse than Rick Astley worm

Like the Ikee worm of two weeks ago, this virus appears to have been coded specifically for jailbroken iPhones and is reported to be capable of stealing banking credentials, as well as hijacking the smartphone to become part of a botnet.

Discovered by F-Secure, the worm - Ikee.B - has apparently been coded to upload a user's banking data to a server in Lithuania and is then programmed to follow orders from remote hackers using specific commands.

Whereas the original iPhone worm was limited to infecting iPhones on the Australian Optus mobile network, Ikee.B scans a much wider set of IP ranges for vulnerable iPhones - including Optus in Australia, UPC in the Netherlands and most T-Mobile networks in the world.

Commenting on the Ikee.B worm, Graham Cluley, Sophos' senior technology consultant, said that it is doubly criminal as, not only does it break into your iPhone without permission, but it also cedes control of your iPhone to a botnet command server in Lithuania.

"That means your iPhone has just been turned into a zombie, ready to download and to perform any commands the cybercriminals might want in the future. If infected, you have to consider all of the data that passes through your iPhone compromised", he said.

Interestingly, the Ikee.B worm - which Sophos calls 'Duh' - is reported to change the iPhone's password to something quite rude.

Cluley said that his fellow researcher Paul Ducklin was able to recover the amended iPhone password, which had been changed from its default of 'alpine'.

"Apple's default root password - 'alpine' - on the iPhone breaks two fundamental rules - it's both a dictionary word and well-known. This doesn't matter for most iPhone users, as they haven't jailbroken their iPhones and installed SSH to allow remote access - but the new worm will break in and immediately change it", said Ducklin.

"This change is made by directly editing the encrypted value of the password in the master password file, so that the new password is never revealed", he added.

"This password-changing represents an additional risk, as it means that cybercriminals now know what your password is - allowing them to log back into your iPhone later - but you don't, so you cannot login and eliminate the virus."

As a result of the worm, Sophos strongly recommends that all users of jailbroken phones change their passwords from 'alpine' immediately to avoid further attacks.

 
