The first known actual iPhone worm has been spreading across jailbroken iPhones in Australia late last week. The worm seeks out jailbroken iPhones with SSH installed in which the default password has not been changed, and installs itself on the device. Once installed, it changes the background to an image of Rick Astley (essentially Rick Rolling you) and looks for other phones on the network to install itself on, though it has the potential to be used for more malicious things.

Sophos, an Anti-Virus firm, has examined several instances of the worm, and has found multiple varianats. They also found comments in the code suggesting that this was an experiment, and was created as a stunt to spotlight how insecure most jailbroken iPhone’s are.

A forum member on an Australian form, where the exploit was first discussed by the alias ike_x has taken credit for the iPhone worm and has been assisting users in removing it.

One individual going by the online surname JD interviewed Ikee over IRC chat, and published it to his blog, in which Ikee answers questions like why he did it.

First i was curious to how far something like this would actually spread, i think what most people were unaware of is the fact it IS a worm and every phone that got infected with it was spreading it (I initially only infected 3 phones when I woke up i checked google and found out a fair few people were hit with it)
Secondly i was quite amazed by the number of people who didn’t RTFM and change their default passwords.

Luckily for people outside of Australia, there have been no reports of the worm outside of Australia.

- source: TUAW