An annoying little program showed that it was possible to develop Trojans targeting the iPhone.
However, the Trojan also overwrites several legitimate applications, including Erica's Utilities, Launcher, Doom, and OpenSSH, meaning that if you uninstall the Trojan, you will need to reinstall these applications later. This appears to be a consequence of poor programming.
The risk to iPhone users is now considered negligible since the host sites have all been taken down.
Since mobile devices are becoming more like general computing machines, it's no surprise that Trojans can be written for them. Fortunately, the Trojan for the iPhone in this case only displays an annoying message.
However, this does send out the message that mobile developers need to write applications that factor in these developments. Also, API providers have to look out for well-structured access and permissions to applications.
A few days ago, there was a great post by Chad Perrin on SPAM and SPIT (Spam over Internet Telephony in the communication space. SPIT would make a perfect fit for a mobile device where telephony is the bare essential.