Reports of new worms and viruses that target cell phones have dominated headlines recently. What's out there today...
is of little danger to enterprise users, security experts say. But with new variants appearing and source code for the original Cabir worm floating in cyberspace for all to see, the situation could deteriorate quickly.
"For your mobile phone to get hit with something malicious today, you either have to be very unlucky or be downloading a lot of stuff on your cell phone," said Mikko Hypponen, director of AV research for Finish security firm F-Secure Corp. "Younger people face the biggest threat right now, but from an enterprise standpoint there's very little to worry about."
But Hypponen and his team have watched activity pick up in recent weeks. Last week saw the appearance of Lasco-A, which targets Symbian phones by combining two spreading tactics common in PC malware but previously unheard of in mobile systems. It searches all SIS installation files in the infected device and inserts itself as an embedded SIS file. Therefore, any SIS file in the device that gets copied to another phone -- as frequently happens as people swap software -- will also contain a copy of Lasco-A. Like the Cabir worms, it also uses Bluetooth to spread.
Add that to last month's developments: the appearance of a new Skulls Trojan horse that targets Symbian Series 60 phones and reports that the Russian-based 29A virus group had released the original source code for the Cabir-A worm.
These threats may not be a problem for enterprises today, but Hypponen said the spike in activity should serve as a warning to corporate IT administrators that something damaging could come their way with little notice.
"Enterprise users should be watching because the situation could change very rapidly, and I mean today," he said. "Anyone can go to the right Web site and pick at the code. With the code out there on the Internet for anyone to look at and play with, enterprises must be concerned."
He compares it to the growing bot problem. "One of the reasons bots are such a problem is [because] it's widely available source code," Hypponen said. "You could see the same thing with the mobile phone viruses. Someone could eventually come up with more effective mobile phone viruses as quickly as they come up with new bot variants."
His advice: "Make sure everyone in your enterprise knows the rules for company cell phones -- no downloading games, doing personal e-mails or visiting untrusted Web sites. Right now, it's more about education and thinking about precautions."
Chris Novak, senior security consultant for Belgium-based security firm Ubizen, said he has seen no evidence of these worms and viruses spreading among his clients. He believes the real threat will come in the next two or three years, when cell phones with easy Web and e-mail access will be cheaper, in wider use and connected to larger enterprise networks.
"Today there are different pieces of code out there like Cabir, but we really haven't seen anything major," he said. "It's really proof-of-concept code right now, nothing damaging at this point. With things like last year's adoption of the 802.11i protocol for wireless devices, we'll see a proliferation of wireless interest. But most enterprises haven't made firm plans to move forward with the technology yet."
Graham Cluley, senior technology consultant for Lynnfield, Mass.-based antivirus firm Sophos, agrees with Hypponen that the situation could deteriorate quickly given recent developments.
"Publishing virus source code on the Web is dangerous because it encourages others to create malware," he said in a recent statement. "Although viruses for mobile phones have, to date, been creating more hype than havoc, it's possible that more malicious people will now be investigating ways to infect cell phones. All users should be very careful about what applications they allow to install and run on their mobile device."