Another Cell phone Virus

[Fire14]

URL: http://news.zdnet.com/2100-1009_22-5460194.html

Virus writers are targeting Symbian-based cell phones with a Trojan horse that kills off system applications and replaces their icons with images of skulls.

The program, dubbed "Skulls" by antivirus companies, is disguised as a theme manager for Nokia phones in the Symbian Installation System format, said Mikko Hypponen, director of antivirus research for software

Photo: F-Secure
The Skulls Trojan horse changes system icons, disabling all but phone functions.
maker F-Secure. Only a few people have managed to run across the program on the Web and then downloaded and run the Trojan horse, he said.

"We are not talking about a huge amount of infected people, and it is not a virus, so it is not spreading," Hypponen said.

The program is the latest threat to affect mobile phones and PDAs. Earlier this month, a program called Delf infected PCs in order to send spam to mobile phone users in Russia. Two other malicious programs--Mosquito and Cabir--were also aimed at infecting phones that use the Symbian operating system. The creators of Cabir even created a version that attempts to infect Windows CE devices.

Like the latest threat, none of the cell-phone attacks have yet amounted to much.

When run, the Skulls program breaks all the links to Symbian system applications and replaces the icons with images of skulls. Third-party applications are not affected, Hypponen said, allowing users that have installed a non-Symbian file manager to actually find and delete the malicious program files, cleaning the phone.

For users that have no third-party file manager, the only current fix appears to be a hard reset, which will leave the phone in its default factory condition. Unfortunately, this fix will also delete any user data.

"In practice, it is difficult to clean the phone," Hypponen said. "You can't go online, you can't download fixing programs, you can't beam anything to the phone."

While the program can cause some headaches, it is not a significant threat.

Still, it is a signpost indicating the direction that virus writers could be headed, said Vincent Weafer, senior director for security response at Symantec, a maker of antivirus software.

"It does no permanent damage," he said. "But it does mean that people are investing time in investigating the possibilities" for infecting and damaging mobile phones, he said.

[MOTOhooligan]

Great... just what we need. Don't people have better things to do with their time?

[Mobile Mike]

[agentHibby]

Quote:

Originally Posted by rancidhooligan

Great... just what we need. Don't people have better things to do with their time?

Break into bank accounts, hijack websevers, spam all email address

[ShoresGuy]

Even with such viruses being developed to target the Symbian OS, it's not as annoying to have something like this on your phone whereas it's a lot easier to get a virus on one's computer.

[Gamer03]

Quote:

Originally Posted by ShoresGuy

Even with such viruses being developed to target the Symbian OS, it's not as annoying to have something like this on your phone whereas it's a lot easier to get a virus on one's computer.

Even with Norton Internet Security and AntiVirus or other programs, not all viruses are protected all the time.

Plus, unless the user knows what they are doing, they need to get the latest updates for their virus scanner program by connecting to the company's server.

I'm glad I don't have a phone that runs on the Symbian system.

[ShoresGuy]

Correct but even with viruses around, I'm not too concerned about my Symbian OS phone since I don't upload games to it as much.

[Fire14]

I saw an article yesterday saying there is a new varient of this virus out & one way of it transfering is thru BT, I will see if i can find the article.

[ShoresGuy]

Ok so it takes advantage of someone sending something through BT then? It's not something which activates BT without your knowledge and starts sending stuff?

[Fire14]

Here is the Article I found about the 2nd version.

This story from ZDNet News,
located at http://news.zdnet.com.
--------------------------------------------------------------


Matt Hines URL: http://news.zdnet.com/2100-1009_22-5469691.html

Virus writers have unleashed a second version of the "Skulls" Trojan horse and packaged it with a cell phone virus, a security company has warned.

The hybrid Skulls.B Trojan horse displays images of skulls instead of the program icons on handsets running the Symbian operating system, software maker F-Secure said in an advisory Monday. It also releases the Cabir.B worm, the company said.

Cabir, which asks its victims if they would like to be infected, was thought to be a proof-of-concept virus when it was released earlier this year. The virus spreads by sending itself to other handsets within Bluetooth broadcasting range.

Phones infected with the Skulls.B hybrid can infect nearby handsets with Cabir. The Trojan horse, though, can only be downloaded and does not spread using Cabir as a vehicle. Skulls was originally distributed on Symbian shareware Web sites as "Extended Theme Manager."

When infected with Cabir, a phone displays the word "Caribe" on a screen as the worm modifies the Symbian operating system and looks for other cell phones to target.

F-Secure said that cell phones from manufacturers such as Nokia, Siemens, Panasonic and Sendo were vulnerable. It has posted advice on disinfecting cell phones on its Web site.

But Symbian has said in the past that the Trojan horse only affects mobile phones running Nokia's Series 60 software. The software developer could not be immediately reached for comment.

Mikko Hypponen, director of antivirus research at F-Secure, said that Skulls represents only a mild threat to mobile device users at this point, based on its Trojan horse design. But he said the program is indicative of a growing effort among virus writers to target wireless handsets.

"Obviously what we're seeing here are the early days of a new platform, with the bad guys trying to find different ways to attack (cell phones) and test out different technologies," Hypponen said. "Skulls' existence shows that there is increasing activity in the underground looking at phones and genuine interest in how to write Trojans, backdoors and viruses for these devices."

In addition to creating something of a template for future mobile device viruses, Hypponen said that Skull's existence highlights the fact that phones may be more vulnerable to attacks than other devices, based on their direct ties to systems that deal with purchases and other transactions.

"The biggest difference from PC viruses to phone applications are the direct links to money," he said. "If you can infect a phone you can immediately begin making calls or sending text messages to toll numbers in order to steal from someone. The theft will happen a lot faster than it did with PCs."

[ShoresGuy]

Why does Nokia always get caught with this kind of thing? Symbian is mostly their baby, let's hope they will make some major improvements once S60 Version 2 is released.