A new piece of malicious code targets wireless phones through Bluetooth and the Multimedia Messaging Service (MMS). Security experts say CommWarrior is built to spread more aggressively than the proof-of-concept Cabir worm that first surfaced last year. But at this point, nobody expects a massive outbreak.
"This has more potential to spread than Cabir," said Victor Kouznetsov, senior vice president of mobile technology for Santa Clara, Calif., antivirus giant McAfee. "This isn't a proof-of-concept like Cabir. This was written to be like a real Internet worm."
Despite that, McAfee's
McAfee described the threat as a malicious .sis file targeting Nokia Series 60-based devices. "The virus masquerades as a variety of benign applications, including games, porn and cross platform emulators," the advisory said. "It replicates by sending itself to nearby Bluetooth devices as well as via MMS. The MMS recipient appears to be selected from the host address book. Once it is in the host inbox the user can view the message and must approve the installation of the .sis. Once installed, several files are dropped and the virus sets itself up for automatic execution at system start."
Mikko Hypponen, director of AV research for Finnish security firm F-Secure Corp., has been watching the growing threat to wireless phones closely in recent months. His lab's Weblog mentions the latest activity almost daily. In a blog message Monday, he noted that MMS messages include text and an image, audio or video and are sent from one phone to another or to e-mail.
"Phone viruses so far have been spreading over Bluetooth, so they only affected phones that were nearby," he said. "An MMS virus can potentially go global in minutes, just like e-mail worms do."
He said CommWarrior appears to be from Russia because it contains text that says "OTMOP03KAM HET!" He said that roughly translates to "No to braindeads."
Reports of new worms and viruses that target cell phones have dominated headlines in recent months. What's out there today is of little danger to enterprise users, security experts have said. But with new variants appearing and source code for the original Cabir worm floating in cyberspace for all to see, Hypponen has warned the situation could deteriorate quickly.