Beware! Virus Hits Mobile Phones

[Chirag 5]

Beware! Virus hits mobile phones

December 10, 2004 16:18 IST

Rediff.com

If your cellphone bill exceeds your wildest dreams next time, beware!

Your handset is being hacked into by a deadly virus, that is capable of controlling your cellphone and even destroying the data stored in the mobiles, a top official of a leading anti-virus and Internet content security firm warned on Friday.

"The virus threat to mobile phones are real and could be more deadly than you could imagine," Niraj Kaushik, country manager (India) of Nasdaq-listed Trend Micro Inc, which just released a free trial of new protection for mobile devices, 'malware' (malicious software) that attack mobile phones, said in Chennai.

Considering that the mobile phones are always "switched on and networked", the chances of virus attacks are much more than on computers, he said.

Due to the rising popularity of data-centric mobile phones and personal digital assistants, these devices could become an attractive target for virus writers in the future, Kaushik warned.

Already, three malware programmes that affect mobile phones were detected during November, but these were considered harmless.

However, a fourth virus, which was detected in December first week, was found to be very destructive. "This virus allowed hackers to control your cellphone," Kaushik said.

All the virus attacks were witnessed on multi-functional smart phones, that have latest features like Internet connectivity and in-built cameras.

[StaticElectricity 8]

wow, i think i better start writing one....

lol, just imagine all the photos i could get...

so, whats next? anti-virus and firewalls for mobile phones??!!

[Ganesh 0]

Of course yes

[deepu 0]

Norton Antivirus on your Mobile Preloaded ......... ha ha ha

[rEdshiFt 1]

dude, like this mobile virus has a name to it...?

[gids 0]

i've heard dat these virus are transmitted mainly through bluetooth or gprs, guess atleast the rim users are on a safer side.

[rEdshiFt 1]

i had always thot cell-phone virus were hoax, but for the past few weeks i've been hearing official stuff about cell-phone virus and this one here, is a good article -straight from the prestigious NewScientist Jornal - "The World's No.1 Science & Technology News Service"

            New hybrid cellphone-virus discovered

18:08 13 January 2005

NewScientist.com news service

Will Knight

A cellphone virus that uses several techniques to spread is the most sophisticated "mobile malware" yet, but experts say the risk of infection remains remarkably slim.

The malicious software, called Lasco.A, spreads via Bluetooth, a short range wireless networking technology, and can infect smartphones running the Symbian operating system. It arrives as an executable file called "velasco.sis" and, once installed, automatically attempts to send itself to other phones within Bluetooth range.

Analysis of the code shows Lasco.A is based on an earlier cellphone worm called Cabir.H. However, like many desktop computer viruses, the program not only spreads automatically, but also infects other .sis files on a host handset.

Worms spread by simply replicating, while viruses spread by hiding themselves in a file. "This is the first mobile virus to have multiple ways of spreading," says Mikko Hyppönen, chief research officer at Finnish anti-virus company F-Secure. "I guess you could compare it to a Microsoft Windows virus."

Easy insertion

In theory users could infect other cellphones by sharing infected .sis files, such as games, between handsets. Although there have been no reports of phones being infected by Lasco.A outside of test laboratories, Hyppönen believes the program has a good chance of spreading.

This is partly because the program uses multiple tricks to proliferate but also because the author has created a Windows program that lets anyone insert Lasco.A into .sis files.

But programs like Lasco.A are still unlikely to cause a major outbreak, according to some experts. "It's fairly rudimentary," notes Graham Cluley, chief technologist at UK anti-virus firm Sophos. "We're not expecting anything."

Cluley points out that Lasco.A can only infect sophisticated phones in close range of one another - within 10 metres. He adds that users also have to agree to install the program for it to work. "There are lots of barriers," he says.

Isolated cases

But there are isolated cases of cellphones being infected by mobile worms in the "wild" outside the laboratory. Russian anti-virus firm Kaspersky Labs revealed on Thursday that it has received reports of Cabir.A spreading in Russia.

Although just a few cellphones are thought to have been infected, Kaspersky advises preventative measures. These include configuring a phone so that it cannot automatically be discovered by other Bluetooth handsets and refusing suspicious files.

"Mobile phone infections are strikingly different from similar issues with regard to desktop computers so preventive measures must differ too," says Kaspersky Labs in a statement. "The primary difference being that mobile phone infections usually occur in crowded public spaces where many people are using mobile phones simultaneously."

...times ARE fast changing...long live technology

[deepu 0]

Viruses invade cellphones! 7 ways to be safe

--------------------------------------------------------

Mobile phone users, beware! The viruses that attack cell phones are on the loose and may be heading for your phone this very moment.

A recent report from anti-virus and Internet security software firm Trend Micro's TrendLabs indicates that mobile malwares have not only advanced at a surprising rate in the last three months in terms of technology and range of infection, but most users have found them very difficult to remove.

Trend Micro warns mobile phone users to handle these new mobile threats carefully, as they can cause failure in phone files, contact lists, messages, pictures and even basic phone operations.

Although, says Trend Micro, the impact caused by current mobile malware is limited as yet, the emerging threat is quite likely to become a real nightmare for mobile devices users sooner than later.

What is most disturbing is that these malware have adapted more and more sophisticated technology to spread and infect mobile devices.

Crash, programme termination, wireless attack, data theft -- these are terms often associated with computer viruses. But now mobile malwares are growing, and can even infect mobile phones and computers at the same time.

TrendLabs discovered in June 2004 that mobile phones are not immune to attacks by malware programmes. The first mobile phone malware, Symbos_Cabir.A spread only via Bluetooth-enabled devices, but this proof-of-concept worm failed to enter the mainstream.

Yet in the first quarter of 2005, a mere six months later, malware began changing along with new technology trends, with ten new mobile malware boasting revamped techniques appearing on the scene within just three months, says Trend Micro.

Mobile phone vendors currently provide repair services for phone functions, but no Trojan removal services are offered. As a result, the risk faced by phones lacking antivirus software increases day by day, especially for those equipped with Bluetooth.

Mobile malware trends indicate that the wireless domain is currently becoming the battlefield for malicious attacks. Just recently the first mobile Trojan that terminates antivirus software appeared on websites offering free downloads.

Trend Micro's TrendLabs analysed mobile malwares in the first quarter. The analysis showed:

*

Antivirus Software Removal: Symbos_Drever.A removes antivirus programmes; 'retro-viruses' now attack mobile phones.

Symbos_Drever.A, which surfaced in March 2005, is the first mobile phone malware to overwrite certain antivirus applications, such as F-Secure and SimWorks software. The appearance of this type of destructive behavior indicates that mobile threats are already moving towards a certain goal -- data theft may be lurking just around the corner.

The Symbos_Drever.A is a mobile Trojan that steals the user's password and confidential information. It disguises itself as a free antivirus program or game, painstakingly made available for download on illegal software or hacker Web sites.

The malware later led to two new variants, Symbos_Drever.B and Symbos_Drever.C, which were wreaking havoc in the Philippines.

Trend Micro senior antivirus consultant Jamz Yaneza explains: "The appearance of the first mobile Trojan that terminates antivirus software is a warning sign that mobile viruses are becoming more and more powerful, and pose a risk to a large number of mobile phone users. In the first quarter of this year, two variants were created from Cabir, the predecessor to mobile malwares affecting Bluetooth-enabled devices. And now with the addition of the Drever family, I worry that mobile malwares will become a regular addition to security threats."

Trend Micro points out that those mobile phones infected with the Symbos_Drever.A Trojan will display the message, 'Dr Web Forever!!!!', while Symbos_Drever.C curses a security provider with the message, 'Fsecure Must Die!!!!!!'

Yaneza points out that these 'retro-viruses' that can remove antivirus applications have moved the antivirus battlefield from computers to mobile phones. TrendLabs analysis has discovered that reinstalling antivirus software removed by Symbos_Drever.A will eliminate the malware, but users must remember to reinstall it themselves.

*

Computers and mobile phones infected simultaneously: Pe_Vlasco.A & Symbos_Vlasco.A cause some mobile phone applications to fail.

On January 10, Pe_Vlasco.A became the first malware to simultaneously attack computer systems and wireless devices. This virus affects Windows systems, as well as Series 60 mobile phones.

Once the window system is infected, Symbos_Vlasco.A, as an appendage of Pe_Vlasco.A, can then attack mobile phones running Series 60 platform. It replaces some existing applications with new ones, and prevents others from operating properly.

* Phones crash, buttons fail: Phones crash after Symbos_Locknut is downloaded.

Two destructive malware programmes, dubbed by Trend Micro as Symbos_Locknut, suddenly appeared on the scene in early February. The first variant, Symbos_Locknut.A, infects those mobile devices installed with Symbian OS v7.0, causing some keys to fail and even leading to the phone crashing.

Fortunately, Symbos_Locknut.A does not propagate itself, says Trend Micro.

However, the virus author did not sit on his laurels, as the improved version Symbos_Locknut.B displayed increased destructiveness and infection capabilities. This variant imitates the first mobile malware that propagates via Bluetooth, Symbos_Cabir.A.

Spread by disguising itself as a normal file, as soon as a target is detected via the phone's Bluetooth communication functions, and the malicious file is accepted, the newly infected phone will crash and lock up.

* Multiple propagations quicken spread: Symbos_Comwar.A uses multimedia message service (MMS) to hasten widespread propagation.

Symbos_Comwar.A, first appearing in early March, is downloaded from various internet sites as the compressed file Commwarrior.ZIP, and then spreads over Bluetooth using random file names. Especially, this malware is the first one that can spread by sending MMS messages with predefined contents, in which the malware sends itself in an .sis attachment.

Trend Micro points out that the earliest mobile malwares attacked phones over wireless or manual transmissions, requiring installation by unwitting users themselves. However, Comwar takes a huge leap forward from these early malwares, adopting an active infection method, sending pornographic messages to all of the user's contacts to trick them into becoming infected as well.

7 steps to dealing with mobile viruses

The growing threat of mobile malwares shows that malware attacks are able to keep up with new technologies. In addition, resources are easily obtained -- a virus writing group published the source code for the Cabir, the first proof-of-concept mobile worm which propagates through Bluetooth, on a hacker periodical at the end of last year.

This year's sudden appearance of multiple mobile malwares only serves to further prove the source code's authenticity.

Trend Micro gives the following suggestions to prevent increasing mobile attacks:

1. Be particularly careful when accepting files via Bluetooth, in order to avoid infected files.

2. If you become infected, turn off your Bluetooth functions, so that the malware does not find new targets.

3. Delete messages from unknown senders before opening them.

4. Do not install programmes if you are unsure of their origin.

5. Download ring tones and games only from legal, official Web sites.

6. Immediately delete the infected application programmes, and reinstall them.

7. Install an antivirus programme