Targets mobile online banking customers

Nov 26, 2009 11:18 GMT

A new iPhone worm, based on Ikee, has been detected in the wild, but unlike its predecessor, it is malicious in nature. The new malware intercepts and steals online banking information from mobile consumers and connects to a master control server in order to receive instructions.

At the beginning of this month, the world saw its first worm for the extremely popular iPhone mobile device. Dubbed Ikee, the piece of malware was written by a 21-year-old Australian named Ashley Towns, allegedly for demonstrative purposes.

Ikee infected jailbroken iPhones running OpenSSH with the default "alpine" password, an apparently common security oversight Mr. Towns wanted to point out. The young programmer released the source code for his controversial creation and went on to be hired as an iPhone application developer by a company.

But, even though Ikee only affected iPhones in Australia and did nothing more than change the wallpaper to a picture of Rick Astley, security researchers questioned its actual impact on security. Many of them warned that it could lead to the creation of more dangerous malware and, as it turns out, they were right. It only took cybercrooks two weeks to take the code, improve it and create a new malicious worm.

Ikee's offspring, called "Duh," targets iPhone users who engage in online banking from their devices. It seems that it was specifically designed to steal login credentials from ING Bank customers in the Netherlands. The owners of an infected device will be redirected to a phishing website that looks very similar to the ING online banking one.

The Finnish antivirus vendor F-Secure warns that the new worm also displays botnet behavior, being able to silently connect to a Web server in Lithuania and receive instructions. "It's the second iPhone worm ever and the first that's clearly malicious - there's a clear financial motive behind it. It's fairly isolated and specific to Netherlands but it is capable of spreading," commented Mikko Hypponen, the company's research director, for the BBC.

ING Bank is fully aware of the situation and plans to place a security alert on its Dutch website. The bank's call center operators have also received instructions on how to handle incidents generated by this new threat.