Smartphone Malware Masquerades as Antivirus Program
By Tim Gray & James Alan Miller
When it comes to handhelds, the Symbian operating system (particularly Series 60 interface phones), by far the most popular smart mobile device platform, is at the top of every malware developer's list.
Today, antivirus maker F-Secure warned Symbian phone users about a slippery new trojan disguising itself as an antivirus application. Although the worm, dubbed Skulls.L, is similar to the Skulls.C trojan, its writers have added a new wrinkle that differentiates it from previous variants: it is advertised with a name used for F-Secure's Mobile Anti-Virus installation package.
"The trojan obviously does not contain pirate copied version of anti-virus, it breaks the system applications on the phone, so that none of the smartphone functions of the phone are (sic) as long as the phone is infected," Jarno Niemela, a virus researcher, wrote on the company's weblog.
The Skulls trojan first surfaced in November. The only difference in Skulls.C is the disguise.
Once transmitted, Skulls.L can appear in phone dialog boxes with the text "F-Secure Antivirus protects you against the virus. And don't forget to update this!" The virus is capable of disabling smartphone features by deactivating messaging, net access and other applications, F-Secure said.
"Once this occurs the application icons on the phone are replaced with pictures of skulls. F-Secure's mobile anti-virus is signed by Symbian - unlike Skulls trojans - and the warning about missing installation package signatures should be a giveaway it is bogus," the company said.
The company recommends against downloading F-Secure anti-virus files from any server other than its own. "If Skulls.L is installed, only the calling and answering functions of the phone will continue to work. Functions that need some type of system application, such as SMS and MMS messaging, Web browsing and cameras, will not work."
Basic Security
So, as a rule, it is a good idea not to accept Bluetooth messages from unknown users. And as anti-virus company F-Secure's director of anti-virus research Mikko Hypponen recommends, operate your device in hidden Bluetooth mode to avoid being infected.
Mobile Malware History
March 2005
January 2005
December 2004 (For more, see New Cabir Variants are Spreading Fast)
(For more see Trojan Targets Anti-Virus Achilles Heel)
November 2004
(See Security Update: Skulls Hit Symbian Phones)
August 2004
Mosquito becomes activated when you launch the pirated game. It then copies itself to the system/apps/Mosquitos/ folder on the smartphone and sends SMS messages at premium rates in the background while the game is being played.
A few days later... The saga of the first Trojan Horse for Symbian smartphones takes a twist worthy of Homer's epic poem the Iliad, as it becomes apparent that the perpetrator is the developer of the infected game itself. Ojum placed the Trojan in the game Mosquito as a form of copy protection.
So if a "cracked" or illegal version of the game was developed or Mosquito was played on an unregistered smartphone, the Trojan dialed a specific number silently in the background, sending an SMS message notifying the company. Although it worked as planned, it backfired too, as a number of legitimate users were affected.
(For more, see Mosquito Trojan Bites Developer Back)
June/July 2004
So EPOC.Cabir (Symbian) and WinCE.Dust (Pocket PC) were developed not to create havoc but to prove that malicious code for handhelds could be generated. First comes Cabir in June, which is disguised as the Caribe Security Manager utility, part of a Symbian smartphone's security software. When launched, the worm makes the smartphone's screen display the inscription Caribe.
The worm then penetrates the system and is activated each time you start your phone. It also scans for other phones using Bluetooth to send out copies of itself. The initial malware trojans appeared to be based on this initial "proof-of-concept" creation.
Next comes WinCE4.Dust for Pocket PC handhelds and phones. The malware writer only sends the virus to anti-virus vendors, claiming that it, like EPOC.Cabir, was created to show that a Pocket PC virus could be developed and spread. Also, unlike malicious worms, WinCE4.Dust asked the handheld owner if it could spread itself.
You can find mobile security guidelines in the following articles:
--Handheld Security: Part V - Enforce Policies, Keep Network Safe
--Handheld Security: Part IV - The Mobile VPN
--Handheld Security: Part III - Evaluating Security Products
--Handheld Security: Part II - Understand Vulnerabilities
--Handheld Security: Part I - Learn the Basics
--Top 10 Items You Shouldn't Allow on Employee Unprotected PDAs (and what do about it)