Mobile phone users, beware! The viruses that attack cell phones are on the loose and may be heading for your phone this very moment.
A recent report from anti-virus and Internet security software firm Trend Micro's TrendLabs indicates that mobile malwares have not only advanced at a surprising rate in the last three months in terms of technology and range of infection, but most users have found them very difficult to remove.
Trend Micro warns mobile phone users to handle these new mobile threats carefully, as they can cause failure in phone files, contact lists, messages, pictures and even basic phone operations.
Although, says Trend Micro, the impact caused by current mobile malware is limited as yet, the emerging threat is quite likely to become a real nightmare for mobile devices users sooner than later.
What is most disturbing is that these malware have adapted more and more sophisticated technology to spread and infect mobile devices.
Crash, programme termination, wireless attack, data theft -- these are terms often associated with computer viruses. But now mobile malwares are growing, and can even infect mobile phones and computers at the same time.
TrendLabs discovered in June 2004 that mobile phones are not immune to attacks by malware programmes. The first mobile phone malware, Symbos_Cabir.A spread only via Bluetooth-enabled devices, but this proof-of-concept worm failed to enter the mainstream.
Yet in the first quarter of 2005, a mere six months later, malware began changing along with new technology trends, with ten new mobile malware boasting revamped techniques appearing on the scene within just three months, says Trend Micro.
Mobile phone vendors currently provide repair services for phone functions, but no Trojan removal services are offered. As a result, the risk faced by phones lacking antivirus software increases day by day, especially for those equipped with Bluetooth.
Mobile malware trends indicate that the wireless domain is currently becoming the battlefield for malicious attacks. Just recently the first mobile Trojan that terminates antivirus software appeared on websites offering free downloads.
Trend Micro's TrendLabs analysed mobile malwares in the first quarter. The analysis showed:
-
Antivirus Software Removal: Symbos_Drever.A removes antivirus programmes; 'retro-viruses' now attack mobile phones.
Symbos_Drever.A, which surfaced in March 2005, is the first mobile phone malware to overwrite certain antivirus applications, such as F-Secure and SimWorks software. The appearance of this type of destructive behavior indicates that mobile threats are already moving towards a certain goal -- data theft may be lurking just around the corner.
The Symbos_Drever.A is a mobile Trojan that steals the user's password and confidential information. It disguises itself as a free antivirus program or game, painstakingly made available for download on illegal software or hacker Web sites.
The malware later led to two new variants, Symbos_Drever.B and Symbos_Drever.C, which were wreaking havoc in the Philippines.
Trend Micro senior antivirus consultant Jamz Yaneza explains: "The appearance of the first mobile Trojan that terminates antivirus software is a warning sign that mobile viruses are becoming more and more powerful, and pose a risk to a large number of mobile phone users. In the first quarter of this year, two variants were created from Cabir, the predecessor to mobile malwares affecting Bluetooth-enabled devices. And now with the addition of the Drever family, I worry that mobile malwares will become a regular addition to security threats."
Trend Micro points out that those mobile phones infected with the Symbos_Drever.A Trojan will display the message, 'Dr Web Forever!!!!', while Symbos_Drever.C curses a security provider with the message, 'Fsecure Must Die!!!!!!'
Yaneza points out that these 'retro-viruses' that can remove antivirus applications have moved the antivirus battlefield from computers to mobile phones. TrendLabs analysis has discovered that reinstalling antivirus software removed by Symbos_Drever.A will eliminate the malware, but users must remember to reinstall it themselves.
-
Computers and mobile phones infected simultaneously: Pe_Vlasco.A & Symbos_Vlasco.A cause some mobile phone applications to fail.
On January 10, Pe_Vlasco.A became the first malware to simultaneously attack computer systems and wireless devices. This virus affects Windows systems, as well as Series 60 mobile phones.
Once the window system is infected, Symbos_Vlasco.A, as an appendage of Pe_Vlasco.A, can then attack mobile phones running Series 60 platform. It replaces some existing applications with new ones, and prevents others from operating properly.
- Phones crash, buttons fail: Phones crash after Symbos_Locknut is downloaded.
Two destructive malware programmes, dubbed by Trend Micro as Symbos_Locknut, suddenly appeared on the scene in early February. The first variant, Symbos_Locknut.A, infects those mobile devices installed with Symbian OS v7.0, causing some keys to fail and even leading to the phone crashing.
Fortunately, Symbos_Locknut.A does not propagate itself, says Trend Micro.
However, the virus author did not sit on his laurels, as the improved version Symbos_Locknut.B displayed increased destructiveness and infection capabilities. This variant imitates the first mobile malware that propagates via Bluetooth, Symbos_Cabir.A.
Spread by disguising itself as a normal file, as soon as a target is detected via the phone's Bluetooth communication functions, and the malicious file is accepted, the newly infected phone will crash and lock up.
- Multiple propagations quicken spread: Symbos_Comwar.A uses multimedia message service (MMS) to hasten widespread propagation.
Symbos_Comwar.A, first appearing in early March, is downloaded from various internet sites as the compressed file Commwarrior.ZIP, and then spreads over Bluetooth using random file names. Especially, this malware is the first one that can spread by sending MMS messages with predefined contents, in which the malware sends itself in an .sis attachment.
Trend Micro points out that the earliest mobile malwares attacked phones over wireless or manual transmissions, requiring installation by unwitting users themselves. However, Comwar takes a huge leap forward from these early malwares, adopting an active infection method, sending pornographic messages to all of the user's contacts to trick them into becoming infected as well.
7 steps to dealing with mobile viruses
The growing threat of mobile malwares shows that malware attacks are able to keep up with new technologies. In addition, resources are easily obtained -- a virus writing group published the source code for the Cabir, the first proof-of-concept mobile worm which propagates through Bluetooth, on a hacker periodical at the end of last year.
This year's sudden appearance of multiple mobile malwares only serves to further prove the source code's authenticity.
Trend Micro gives the following suggestions to prevent increasing mobile attacks:
1. Be particularly careful when accepting files via Bluetooth, in order to avoid infected files.
2. If you become infected, turn off your Bluetooth functions, so that the malware does not find new targets.
3. Delete messages from unknown senders before opening them.
4. Do not install programmes if you are unsure of their origin.
5. Download ring tones and games only from legal, official Web sites.
6. Immediately delete the infected application programmes, and reinstall them.
7. Install an antivirus programme
