Mobile Malware Will Be A Social Disease

[jmiller]

Dad, I've got a problem. It burns when I text.

As the mobile phone generation graduates and begins classes in Smart Phone University, the risks of contracting certain "social" viruses will be on the rise.

The next epidemic of malware will ride the streams of Bluetooth to infect everybody within 30 feet. The surgeon general's warning to "always use protection" is suitable guidance for the inevitable attacks scheduled to begin as early as 2007.

In April, Security software firm SimWorks announced that the number of known trojan viruses found doubled. All of the viruses targeted Symbian-based phones, widely licensed by mobile phone giant Nokia.

The spate of trojan viruses, which hide themselves inside other applications-especially games, raised some cautionary, but not overwhelming, concern. None of them was found "in the wild."

This is likely because cell phone malware is still in a sort of "test phase," as most of it is produced by "proof-of-concept" entities who create the software and send it to security firms for testing. These are preparatory measures, but ne'er-do-wells keep close tabs and work on their own versions.

Though 20 million smart phones (phones that have computer operating systems with Internet and wireless capabilities among others) were sold last year, proliferation hasn't saturated the general population enough for this to become widespread. But it is growing and security experts expect it to continue exponentially.

Gartner IT Security predicts three conditions that must occur before the nuisance of mobile malware begins to be a real problem. (Read the Search Security article here.)

· Penetration of smart phones and PDAs with always-on wireless must exceed 30% of consumers and organizations. Right now Gartner projects that figure to reach 10% by the end of this year.

· Mobile platforms' operating systems and application languages must consolidate to no more than three choices splitting 90% of the market, with one platform getting nearly half of market share.

· Mobile device users must be accustomed to commonly sending and receiving locally executable software.

"When all these factors come together, an attack could be more realistic," Gartner Vice President John Pescatore said. "In 2007 we'll begin to see incidents that cause damage."

The first known mobile worm was developed by proof-of-concept firm, Cabir, out of Eastern Europe. Since its inception it has mutated several times from the original, from Cabir.A through Cabir.I.

All strains of Cabir run on Symbian Series 60 platform, overwhelmingly used on Motorola, Nokia, Panasonic, and Sony Ericsson smart phones. The Cabir worms are transmitted through an infected application, an .SIS
(Symbian installation system) application-installation file. It is spread through file sharing, like two friends connecting wirelessly to download games from one another.

The craftiness of the application, though, is the scarier part. Cabir can replicate and transmit itself via Bluetooth by automatically trying to connect to other smart phones within a 10m radius. Phones targeted display a message asking the user if he/she wants to accept an outside message via Bluetooth. Once infected, the screen displays variations of the text "Caribe," and begins to bog down the phone by constantly looking for other phones to connect to.

It spreads, literally, like an airborne virus, infecting phones with little protection or gullible owners. It has spread to 21 countries so far.

"We recently reported [Cabir's] arrival in Australia and in other countries like China, the Philippines, Singapore, and the United Arab Emirates," Aaron Davidson, CEO of SimWorks International.

Lasco.A, which is based on Cabir, is the latest mutation. The first to use two methods of replication, Lasco.A can create its own .SIS installer file that it sends to other phones on its own, or it can trojan itself into other .SIS applications to be transmitted through file sharing.

The implications of infected phones are sweeping and unnerving. The minimum nuisance would be a spam annoyance that could slow down or stall everything completely. Theoretically though, these digital diseases could worm their way into credit lines, information databases, accounting records, even your car.

Finnish security firm F-Secure, however, doesn't believe that cars with Bluetooth wireless capabilities can be infected. The Helsinki-based company ran tests on a Toyota Prius and investigated the theory.

"We wanted to simulate a situation where someone just walks past the car with a Cabir-infected phone that has not been paired with the car," F-Secure's researchers said on the company's site.

"Then we recreated a situation where the phone of the owner of the car is infected and he does Bluetooth operations with the car."

Neither test was able to transmit the worm. The Toyota rejected Cabir's attempts to intrude and even blocked manual attempts by the researchers. This isn't to say of course, somebody won't develop a version that can infect a car sometime soon.

Mobile phone companies are taking action. Japan's DoCoMo is providing customers with McAffee's VirusScan technology on all new Symbian-based FOMA 901i phones.

Nokia has new Symantec Client Security software preloaded onto two new phones, updatable through Symantec LiveUpdate.

Trend Micro unveiled Trend Micro Mobile Security that provides antivirus and antispam protection.

Trend Micro also offers these seven guidelines for protecting your mobile phone against infection:

1. Be particularly careful when accepting files via Bluetooth, in order to avoid infected files.
2. If you become infected, turn off your Bluetooth functions, so that the malware does not find new targets.
3. Delete messages from unknown senders before opening them.
4. Do not install programs if you are unsure of their origin.
5. Download ring tones and games only from legal, official Web sites.
6. Immediately delete the infected application programs, and reinstall them.
7. Install an antivirus program.