A malicious iPhone worm targeting internet banking customers has emerged just weeks after a Wollongong student unleashed the world's first worm to infect the popular smartphone.
The new worm targets people in the Netherlands who are using their iPhones to log into internet banking with the Dutch bank ING.
It redirects the bank's customers to a lookalike site with a log-in screen, leaving them vulnerable to cybercriminals who could capture their username and password.
Wollongong student Ashley Towns developed the first iPhone worm, called Ikee, in a bid to raise awareness about security on the popular Apple smartphone.
The harmless Ikee worm replaced the infected iPhone's wallpaper with an image of Rick Astley and the slogan "Ikee is never gonna give you up" - a reference to the English singer-songwriter's 1987 hit single Never Gonna Give You Up.
The worms only infect 'jailbroken' phones, which have been modified to enable the user to run non-Apple approved software on the handset.
Both Ikee and the new worm, dubbed Duh, take advantage of the default password, "alpine", that comes with the SSH (secure shell) Unix utility.
Only users who have installed SSH and not changed the password are at risk.
Security experts at F-Secure warned that the Duh worm could effectively turn infected iPhones into a "botnet", a network of compromised computers at the mercy of hackers or cybercriminals that can be accessed and controlled without the permission of the user.
The worm can be transferred from one jailbroken iPhone to another if they are using the same wireless internet connection or hot spot.
A spokesperson for ING Bank said that a warning would be put on the bank's official website.