Question:
How does a Bluetooth worm get installed [on a mobile phone]? The user has to allow its install, don't they? Why would they allow it?

Bluetooth worms effectively cause a denial-of-service attack. Selecting "No" results in repeated prompts until many just give up and try "Yes".

Mikko wrote a ten-page article for Scientific American about mobile malware a few months ago. The article seems to be available for download in PDF format via Professor Robins' homepage here: http://www.cs.virginia.edu/~robins/cs661/
Search for "Mobile Malware" to find it.