New mobile virus ups the ante

Mabir-A is kin to precedent-setting Cabir but with more potential.

The latest sign that malware writers are refining attacks on mobile devices comes from Mabir-A, a new worm capable of infecting specific devices through clever social engineering and the use of both Bluetooth technology and multimedia (MMS) messages. F-Secure also warned of a new Trojan called Fontal-A.

Finland-based AV vendor F-Secure this week began warning that the proof-of-concept Mabir-A worm spreads on Symbian Series 60 devices by pretending to be a returned message from a friend or colleague.

Once it penetrates a new phone, it searches for other phones within Bluetooth range and sends them infected files bearing the same name: "caribe.sis." That's the same file name used by Cabir, the first detected mobile virus, but this one operates differently.

In addition, rather than just rifling through an address book for phone numbers of potential victims, Mabir-A listens for MMS or SMS messages coming into the infected phone and responds to those messages with one of its own. This, of course, increases the likelihood someone will open an attachment. A hint the worm-laden message is bogus: there's no text, just a file with a .sis extension.

There's also an interesting glitch in the code. If the worm finds a phone that goes out of range or rejects file transfer, Mabir will continue trying to send the message to the same phone rather than look for other devices, F-Secure said. That may help mitigate Mabir's propagation potential.

Because of similarities in source code, F-Secure experts believe the author of Cabir is behind this latest creation. Mabir is the third mobile virus among the 20 discovered thus far that uses MMS messages to spread. Experts expect that trend to continue as more mobile devices include that functionality.

Fontal-A is a Symbian Series 60 Trojan that installs a corrupted file that damages the applications manager, preventing the installation of any new applications. F-Secure said the Trojan then causes the phone to fail to reboot. If the user tries to reboot the infected phone, it will be permanently stuck in reboot and must be disinfected before it can be used. F-Secure said the only known method of repairing the phone is to use the reformat key combination, which causes the phone to lose all data.

Unlike Mabir, Fontal-A does not spread by itself, whether over Bluetooth or any other channel. The most common way for a user to get infected is via IRC or P2P file sharing.
