September 22, 2005 10:02 AM PDT
Cell phone virus tries leaping to PCs
Cardtrap.A, a Trojan that attacks Symbian mobile phone operating systems, attempts to infect users' PCs if they insert the phone's memory card into their computers. Though this latest threat is considered low-level because it requires user interaction and fails to launch on a number of Windows systems, including XP, it may be a precursor to more sophisticated viruses designed for transfer between mobile devices and PCs, said Mikko Hypponen, F-Secure chief research officer.
"We expect to see more of this on the mobile front," Hypponen said. "We may begin to see Windows viruses spreading to PDAs that are synched up to computers, or go from PCs to mobile phones with the memory card."
Cardtrap.A copies two worms, Win32/Padobot.Z and Win32/Rays, to a phone's memory card. Once that card is inserted into the PC, Padobot.Z will attempt to start automatically on Windows-based machines via the autorun.inf file. The Ray worm, meanwhile, will create a bogus system folder on the user's desktop. Clicking on the folder unleashes a worm into the user's computer system.
The Ray worm is more likely than Padobot.Z to take root in a system, because the Padobot worm may only launch on older versions of Windows, or be restricted to just a few memory card readers.
Windows does not generally support auto-run from a memory card, which means that a virus won't automatically be transferred from a memory card to a user's PC and then launched. But in some instances, memory cards appear to the PC as CD-ROM drives, which would trick the auto-run feature into running the file, Hypponen said.
The volume of mobile-device malicious software has been rising rapidly, with 83 different viruses emerging within just a 14-month period, he added. Among the threats were the Fontal.A Trojan horse in April, the CommWarrior Trojan and the infamous Cabir virus.