Threats have escalated since then. The number of known mobile viruses and Trojans keeps growing. However, the likelihood of being hit by mobile malware is still much, much lower than the likelihood of getting hit by PC malware. Most of the real-world problems with mobile phones are happening in Europe and Southeast Asia. Have the malware writers done any real damage yet, or is most of this still in the proof-of-concept stage?
None of the malware that we've seen so far uses vulnerabilities or exploits. Instead, they are relying on the users to install and run the malware on the devices. Today's mobile malware seems to be written by hobbyists who have limited skills and resources. From what you've been able to tell, what is the most common type of malware showing up in mobile devices?
Much of the malware that we know of are Trojans. Despite the number of different Trojans, however, mobile worms like Cabir and Commwarrior are the most widely spread and are causing limited infections in many parts of the world. This is because these worms have the means to spread themselves over the Bluetooth and MMS. Which phones appear most susceptible at this point?
There are currently no signs of botnets using mobile phones. This might be a growing threat in the future, because mobile phone processing power and mobile network connection speeds are growing. I could see mobile phone botnets being used to send email spam or text messaging spam to other phones. Talk about how an infection can be transferred from a phone to PCs and larger company networks.
Use common sense and install security software both to your PC as well as to your smart phones. Don't accept or install any software from untrusted sources. Don't swap memory cards between phones. Keep your Bluetooth in hidden mode to prevent unwanted interruptions. I'd like to emphasize that the solution is not to avoid smart phones. We have tons of Windows malware, too, and people still seem to be happily buying PCs. It also seems that IT shops still have some time to deal with this threat.
The situation on the mobile side is pretty good at the moment. If we play our cards right and prepare with the right kind of safeguards and continue the good co-operation between security companies, operators, manufacturers and operating system vendors, hopefully we'll stay ahead of things.