Mobile phone malware: an enterprise problem?

By Bill Brenner, News Writer 14 Jan 2005 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

Reports of new worms and viruses that target cell phones have dominated headlines recently. What's out there today is of little danger to enterprise users, security experts say. But with new variants appearing and source code for the original Cabir worm floating in cyberspace for all to see, the situation could deteriorate quickly.

"For your mobile phone to get hit with something malicious today, you either have to be very unlucky or be downloading a lot of stuff on your cell phone," said Mikko Hypponen, director of AV research for Finish security firm F-Secure Corp. "Younger people face the biggest threat right now, but from an enterprise standpoint there's very little to worry about."

But Hypponen and his team have watched activity pick up in recent weeks. Last week saw the appearance of Lasco-A, which targets Symbian phones by combining two spreading tactics common in PC malware but previously unheard of in mobile systems. It searches all SIS installation files in the infected device and inserts itself as an embedded SIS file. Therefore, any SIS file in the device that gets copied to another phone -- as frequently happens as people swap software -- will also contain a copy of Lasco-A. Like the Cabir worms, it also uses Bluetooth to spread.

Add that to last month's developments: the appearance of a new Skulls Trojan horse that targets Symbian Series 60 phones and reports that the Russian-based 29A virus group had released the original source code for the Cabir-A worm.

These threats may not be a problem for enterprises today, but Hypponen said the spike in activity should serve as a warning to corporate IT administrators that something damaging could come their way with little notice.

"Enterprise users should be watching because the situation could change very rapidly, and I mean today," he said. "Anyone can go to the right Web site and pick at the code. With the code out there on the Internet for anyone to look at and play with, enterprises must be concerned."

He compares it to the growing bot problem. "One of the reasons bots are such a problem is [because] it's widely available source code," Hypponen said. "You could see the same thing with the mobile phone viruses. Someone could eventually come up with more effective mobile phone viruses as quickly as they come up with new bot variants."

His advice: "Make sure everyone in your enterprise knows the rules for company cell phones -- no downloading games, doing personal e-mails or visiting untrusted Web sites. Right now, it's more about education and thinking about precautions."

Chris Novak, senior security consultant for Belgium-based security firm Ubizen, said he has seen no evidence of these worms and viruses spreading among his clients. He believes the real threat will come in the next two or three years, when cell phones with easy Web and e-mail access will be cheaper, in wider use and connected to larger enterprise networks.

"Today there are different pieces of code out there like Cabir, but we really haven't seen anything major," he said. "It's really proof-of-concept code right now, nothing damaging at this point. With things like last year's adoption of the 802.11i protocol for wireless devices, we'll see a proliferation of wireless interest. But most enterprises haven't made firm plans to move forward with the technology yet."

Graham Cluley, senior technology consultant for Lynnfield, Mass.-based antivirus firm Sophos, agrees with Hypponen that the situation could deteriorate quickly given recent developments.

"Publishing virus source code on the Web is dangerous because it encourages others to create malware," he said in a recent statement. "Although viruses for mobile phones have, to date, been creating more hype than havoc, it's possible that more malicious people will now be investigating ways to infect cell phones. All users should be very careful about what applications they allow to install and run on their mobile device."

Tags: Web Server Threats and Countermeasures,  Web Application and Web 2.0 Threats,  Malware, Viruses, Trojans and Spyware,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Web Server Threats and Countermeasures Increase in Gumblar backdoors poses FTP credential problems VeriSign extends DDoS attack protection service Microsoft issues IIS FTP advisory, exploit code circulates Panda reports fast-spreading rogueware antivirus fraud rakes in millions Oracle issues quarterly patches, fixes database flaws Latest DDoS attacks extremely unsophisticated, experts say Stolen FTP credentials likely in massive website attacks Microsoft warns of IIS zero-day vulnerability How to find and stop automated SQL injection attacks How to spot attacks through Apache Web server log analysis Web Application and Web 2.0 Threats New Facebook worm propagates using sexy model Web security firm ranks Firefox, Safari browsers as flaw prone Web application vulnerability assessment shows patching progress Layoffs prompt insider threat fears, cybersecurity survey finds Botnet masters turn to Google, social networks to avoid detection Computer worm infections up, scareware antivirus down, Microsoft says Web-based attacks skyrocket, pirating sites surge, security firms say Kaspersky system analyzes malicious URLs on Twitter for malware Pushdo botnet uses Facebook to spread malicious email attachment Do Facebook URL security concerns justify blocking social networks? Malware, Viruses, Trojans and Spyware New Zeus spam poses as Social Security statements Increase in Gumblar backdoors poses FTP credential problems Hackers to sharpen malware, malicious software in 2010 iPhone worm Rickrolls jailbroken phones Israeli Mossad add Trojan Horse to Syrian laptop Schneier-Ranum Face-Off: Is antivirus dead? Modern malware, stealthy botnets, adapt quickly, expert says Computer worm infections up, scareware antivirus down, Microsoft says Web-based attacks skyrocket, pirating sites surge, security firms say Mini guide: How to remove and prevent Trojans, malware and spyware

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary cache cramming  (SearchSecurity.com) content filtering  (SearchSecurity.com) Web filter  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary