The Ikee iPhone worm - which surfaced in Australia earlier this month - only targets users of `jailbroken' Apple iPhones who have not changed the default password after installing the secure shell (SSH) data exchange applet.
Jailbreaking an iPhone is the name for the process of unlocking the handset from its network and allowing any SIM cards to be used with the iPhone. The process also allows applications - known as apps - to be sourced and loaded from sites other than the Apple App Store.
The payload of the Ikee iPhone worm appears to be benign in that it loads a picture of Rick Astley - famed for his 1987 hit `never gonna give you up' - and whose music career rebounded when, in 2007, the song was subject of a viral internet posting in which an estimated 25 million users were tricked into watching his video.
The trick was perpetrated by posting the music video under the name of other popular video titles and soon became known as Rickrolling.
The viral process - copied by others - became so popular that on 1 April last year, the YouTube video portal pranked its users by making every featured video on the front page a Rickroll.
The payload on the Ikee iPhone worm changes the background on the iPhone to the promo picture used in the Rickroll campaign, and then hunts out other iPhones on the network to infect.
In a Sunday blog posting by Graham Cluley, Sophos' senior technical consultant, he said that at least four variants of the Ikee iPhone worm have been spotted.
One of the iPhone worm variants, Cluley said, tries to hide its presence by using a filepath suggestive of the Cydia application.
Infosecurity notes that the iPhone worm source code is peppered with comments from the author suggesting the iPhone worm has been written as an experiment.
One of the comments apparently berates affected users for not following instructions when installing SSH, because if they had changed the default password the iPhone worm would not have been able to infect them.
According to the Sophos blog posting, on each installation, the iPhone worm - written by a hacker calling themselves `ikex' - "changes the lock background wallpaper to an image of Rick Astley".
The message - ikee is never going to give you up - then appears.
"What's clear is that if you have jailbroken your iPhone or iPod Touch, and installed SSH, then you must always change your root user password to something different than the default, `alpine'. In fact, it would be a good idea if you didn't use a dictionary word at all", said Cluley in his blog posting.