There’s a new worm that targets jailbroken iPhones running SSH, and still have the iPhone default password. This worm can steal data contained on the iPhone and connect back to the attacker, giving them control over the phone. This worm has the ability to download and install Malware onto the iPhone as well. The root password may also be changed by the attacker in order to prevent the owner from accessing the device.

According to a post on Symantec’s blog – “Unlike the first iPhone worm, this one appears to cover a much broader range of IP addresses, including UPC in the Netherlands, Optus in Australia, possibly a Hungarian and a Portuguese provider, T-Mobile and potentially many others. And although this particular incarnation seems to be very similar in functionality to the hacktool we blogged about, this one supposedly runs and spreads directly from an infected iPhone, not from a computer.”

Symantec is currently attempting to source a sample for analysis and will provide more information as it comes to light. If you have been infected and/or have a sample that you can share with Symantec, please post about it on the Norton Forum here.

If you think your iPhone (or iPod Touch) may have been compromised, or if you have jailbroken your device and are worried about it, we recommend that you backup your data then restore your device to its factory settings and where applicable apply the latest firmware update from Apple.

It’s highly recommend you never leave a password blank, or as the factory default.