The worm attacks iPhone users who have installed OpenSSH and not changed the default password. This vulnerability is similar to establishing a Wi-Fi network and not changing the default password on your router. If you have OpenSSH installed on your iPhone please follow these directions to change your password.
Once compromised, a users iPhone will redirect ING customers to a lookalike site with a log-in screen.
"It's the second iPhone worm ever and the first that's clearly malicious – there's a clear financi
al motive behind it," F-Secure research director Mikko Hypponen told the BBC.
This worm, like all others attacks iPhone and iPod touch users who have jailbroken their device and have SSH enabled with default username/password combination. It gives a hacker complete access on the victim’s iPhone. The hacker can access and copy any user data from the jailbroken device, including emails, contacts, calendars, photos, SMSs, videos, in fact any data the hacker wants. It then initiates a search for other vulnerable iPhone’s on the same network to spread itself further.