A second worm (virus) to hit the Apple iPhone Mobile phone has been discovered by security company F-Secure. At the moment, it is targeting people in the Netherlands who are using their iPhones for internet banking with Dutch online bank ING Direct. When the iPhone user tries to log in to their bank, the worm redirects the bank's customers to a look-a-like site with a log-in screen.

The worm only attacks "jail-broken" phones, where the operating system has been changed to allow the user to run non-Apple approved software on their handset, and also use the SSH (secure shell) file-transfer program that enables users to remotely connect to their phones.

The worm is able to infect phones as it knows the default SSH password, "alpine".  Once infected, the virus could also be used to allow remote control of the affected iPhones. At the moment it is targeting the Netherlands, but variants for other countries are likely to appear rapidly

This new worm uses the same method of attack as the first iPhone worm, called 'ikee'. Users with 'ikee' infected phones found their wallpaper replaced with a picture of 1980s popstar Rick Astley. Its creator Ashley Towns said he wrote the ikee program in order to raise the issue of iPhone security.

Advice for iPhone Users

• If you have not 'jail-broken' your iPhone, or installed SSH, the current worms will not affect you. Consider using the 'Reset' option in ITunes if you no longer need the jail-broken functions.
• If you have jail-broken your iPhone, and installed SSH, ensure you change the default password, preferably to a word that is not in the dictionary.
• Be aware of the sites you visit on your iPhone where you suppliy login details. If anything looks wrong or out of place, do not enter your details.
• If you think you have entered details on a fake site, contact your bank immediately to get the passwords changed.

News Report on BBC
iPhone support page