The first worm for the iPhone simply Rickrolled the user, but attempts since then haven't been so nice. The attacks are able to take place because the user hasn't changed the default password on their jailbroken phone, as users who don't jailbreak aren't affected by any of these attacks. The attack is once again SSH based, and once on the phone changes the root password. The only way to get rid of the worm at this point is to wipe the phone. The worm looks through your SMS database, and some versions are said to be able to upload that database to the creators. In addition, accessing an unnamed Dutch bank will lead users to a fake site where the hackers can steal the login information.