CNET reports a new worm is spreading that allows hackers to steal sensitive information from jailbroken iPhones. According to security firms, the worm scans local networks and a range of IP addresses for vulnerable iPhones. It attempts to login via an open SSH port using the default password and connects to a Lithuanian server to upload personal data harvested from your iPhone.
You can avoid getting hit by this malware by making sure you don't leave the iPhone password at default. Once infected you can only get rid of the worm by restoring the most recent firmware update from Apple.
According to security firm Sophos, which wrote about the exploitation after a Dutch ISP spotted it late last week, the worm attacks jailbroken iPhone and iPod Touch devices only.
The worm "uses command-and-control, like a traditional PC botnet," Sophos wrote in a blog post on Saturday to warn users about the exploit. "It configures two startup scripts, one to execute the worm on boot-up, and the other to create a connection to a Lithuanian server to upload stolen data and cede control to the bot master."