The second malicious worm to attack jailbroken iPhones has been spotted in the wild, and is the first to directly target users' bank accounts. Called iBotnet.A by security research firm Intego, the worm tries to steal account logins from customers of popular online banking service ING Direct. Though it only affects iPhones that have been jailbroken by the user with SSH installed, this is clearly a trend that is growing quickly—and one that Apple isn't likely to care about until it affects "legit" users.

According to Intego, the malware scans for phones on a local network and a range of IPs with an open SSH port, then attempts to log in using the default root password that is the same on all iPhones. This is the same method used by the first malicious iPhone worm that came out earlier this month. The IPs scanned by this particular worm include those in the Netherlands, Portugal, Hungary, and Australia.

After it finds a vulnerable phone, iBotnet.A changes the root password to "ohshit" (we think that's a pretty accurate assessment of the situation) and connects to a command and control center (CnC) in Lithuania in order to upload personal data collected from the iPhone. What makes this server a CnC is the fact that it distributes executables to the jailbroken phones and assigns each device an identifier so it can reconnect later for further action. Most importantly, however, iBotnet.A specifically changes an entry in the iPhone's hosts file for ING Direct—this means users who try to go to ING Direct from their phones after the file has been changed will be redirected to another page that looks just like it. If they try to log in, the scammers will then have their bank login credentials and can transfer out any cash that is available.
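A defender-side check for the hosts-file tampering described above, as an added example that is not code from Intego, F-Secure, or the worm itself. The domain `bank.example`, the sample hosts content, and the function name `audit_hosts` are constructed for illustration; substitute the domains you actually care about.

```python
import ipaddress

# Assumption: placeholder domains to watch; replace with the real sites you use.
WATCHED = {"bank.example", "www.bank.example"}
# Names that stock hosts files legitimately map to fixed addresses.
DEFAULT_NAMES = {"localhost", "broadcasthost"}

# Constructed sample: a stock hosts file plus one tampered entry (line 7).
SAMPLE = """\
##
# Host Database
##
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
203.0.113.10    www.bank.example   # constructed tampered entry
"""

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, ip, hostname, reason) for entries worth reviewing."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                             # blank or malformed line
        try:
            # Strip an IPv6 zone id such as %lo0 before parsing.
            ip = ipaddress.ip_address(fields[0].split("%")[0])
        except ValueError:
            findings.append((no, fields[0], "", "unparseable address"))
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name in watched:
                # A watched site should resolve through DNS, never via hosts.
                findings.append((no, str(ip), name,
                                 "watched domain pinned in hosts file"))
            elif name not in DEFAULT_NAMES and not (ip.is_loopback or ip.is_unspecified):
                findings.append((no, str(ip), name, "non-loopback override"))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

Run it against a copy of the device's hosts file by passing the file's text to `audit_hosts`; any finding for a watched domain means lookups for that site are being answered locally instead of by DNS.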

Another security research firm, F-Secure, wrote on its blog that this worm isn't widespread but is more serious than the first. The first copied personal data, such as e-mail, contacts, SMSs, calendars, photos, and more—opening up the doors for more serious exploitation but nothing as heinous as taking bank passwords. These two worms are not the first for iPhones, however. Two others circulated earlier this month as well—one claiming to hold the device "hostage" for €5 and the other merely Rickrolling users as punishment for leaving the default passwords intact on their jailbroken phones.

As usual, non-jailbroken iPhones remain unaffected by these worms (or any real worms). Like on the Mac, researchers have demonstrated several proof-of-concept exploits for locked-down iPhones, but none have turned into a legitimate concern for iPhone or iPod touch users as of yet. Still, targeting jailbroken iPhones looks like a hot trend for malware writers. If you're one of those users, F-Secure has provided a guide to changing your default password so that you're not vulnerable to these hacks, but don't expect Apple to care about your plight anytime soon. Until regular users begin to find themselves victims of an attack, jailbreakers will have to rely on the sympathetic research world to stay on top of this kind of malware.