It *IS* a worm.
"Seriously though, why the hell do consumer devices have to have default root/admin/super-user passwords? If they never need to be changed you simply ask the user to set up a one-time super-user/top-dog password which they need to write down somewhere safe and never reveal to anyone! Then they set up their own password, job done!"
This really doesn't make sense; in stock form the root password is NEVER used by the end user, so asking to set it would not be sensible. There's no local OR remote login shell, and no use for the password. (I do bet the OS upgrade uses the password though.) In jailbreak form, I'm sure step 1 (or at least a low number) is *set your root password*. Once you have a shell or ssh, it should be immediately set to something non-stock. It could make sense to ask the user to reset the password in the jailbreak software, but really if there's an instruction to do it separately that should cover it; not doing it is human error of not following the directions.
"... who think it is an iPhone worm and are busy mocking others, consider this. I've taken a Linux build, heavily modified it, left an SSH daemon running on default ports with a well known password and suddenly find myself owned. Do I have a leg to stand on by running (or hopping) to the Linux community or the media shouting "I've found a Linux exploit!!"?"
A) No, you don't have a leg to stand on, but you were still hit by a Linux worm.
B) The only reason I say "no" to "Do I have a leg to stand on" is because it was brought to the attention of the Linux community several years back when it WAS a new thing to have these worms rotating through a dictionary of weak passwords. Otherwise, yes, you would have had a leg to stand on shouting you'd found a new exploit in the wild.
People are only mocking stupid fanbois who claim a worm is not a worm just because it's on the precious iPhone. It doesn't hit an iPhone in stock configuration, but nevertheless it IS an iPhone worm. And although ssh-spreading worms aren't new, it IS new to have one spreading on this particular platform.