Cell phone virus turns up the heat

Cell phone viruses, largely considered a paper tiger in the digital security world, became a bit more dangerous this week with the release of a two-pronged program.

Writers have released a virus, known as Lasco.A, that spreads both through wireless connections and by attaching itself to files, antivirus company F-Secure said Monday. Until now, malicious cell phone programs have spread using one mechanism or the other.

"We have received a new Symbian malware that combines two spreading tactics, which is common in PC malware but previously unheard of in mobile systems," F-Secure said in a posting on its Web site.

The Lasco.A virus will attach itself to any application file on a phone that uses the Symbian operating system, F-Secure said. It is activated when cell phone owners click on the file and install it on their handsets.

"Thus any (application) file in the device that gets copied to another phone, as frequently happens as people swap software, will also contain a copy of Lasco.A," F-Secure said.

The program also acts like a computer worm, attempting to copy itself directly to any phone within range using Bluetooth wireless technology, F-Secure said. That capability is similar to several recent worms--variants of the Cabir worm--that have managed to spread to a limited amount of phones in the wild.

Such programs have not been very successful, however. Only recent cell phone operating systems are programmable to the extent that viruses can effectively spread. Moreover, the large number of proprietary operating systems used in cell phones make the development of broad threats much more difficult.

As the new virus can only spread on cell phones that have Bluetooth in discoverable mode, the best way to protect handset systems is to set it to hidden Bluetooth mode, F-Secure has advised.

Cell phone virus turns up the heat

Because of the way Viruses and worms spread, Mobile phones have never realy been a serious target for malware writers, you just get the occasional proof of concept where some little virus writer proves his ingenuity in coding abilities to actualy create something new, whereas 95% of most viruses are poor copies of something else already written.

The Security industry has allways had to play catch up with the antics of the virus writers and create fixes for problems that these unscrupulous virus writers exploit.

With the new smart phones, PDA's ect, the developers of the OS on these platforms should now learn a lesson from the computer industry. Dont concentrate on developing new OS's that look neat and gimmicky and offer functionality that most users will hardly use; But concentrate on developing a platform that is secure from the very bottom and is functional for its everyday usage without compromising security.

Smart phones are relativley unnafected by malware so far, lets keep it that way by the OS developers exercising a little vision on security now. Otherwise were just gonna have to keep paying out for an additional layer of security in addition to our computers.

Sean Kelly
www.ISSuperstore.com

[Prndll]

lol

...and they want me to buy large amounts of money for a cellphone that I can use as a credit card???

Symbian "virus" hype overblown

(I posted nearly the same comments to a previous story, for the record, but again, from a Symbian software engineer's perspective:)

First, has anyone noticed that all of these cell phone virus stories have the same source, which is an antivirus software maker?

As for this new "turning up of the heat"-- it's not "any application file" it attaches to, it's a Symbian Installation Script file, which people generally install from but then delete.

More importantly, like the "viruses" in the other reports, nothing would happen transparently. The user would agree to receive the file, agree to install a program, agree that it's OK to install unsigned software, and so on. And even if your Bluetooth setting is "discoverable", files don't get sent to you automatically by strange devices, you have to acknowledge or pair with a device.

The hype about "discovery" of Symbian "viruses" is generally just that, hype.

With any environment where you speak directly to the OS, including all PC platforms, it is possible (in fact easy) to code apps that pretend to be other apps and do malicious things.

But when people think of viruses, trojans, etc., they usually think of the PC/Windows world where applications can be installed unwittingly, as with scripting languages in email attachments, or unknowingly, like spyware which downloads components transparently over the Internet. And they think of exponential growth quickly affecting thousands of users.

This is not the case at all with these Symbian "viruses." There are applications and you would install them only by actively retrieving them, or if you allow automatic Bluetooth upload from unrecognized devices. THEN you would go through a series of dialogs asking for confirmation (and generally warning about the supplier being unknown etc.). Anyone who does all that without knowing the source deserves to get hosed.

I've yet to see reports of any widespread suffering from these viruses, just a handful of anecdotal or experimental cases. When thousands or even hundreds of users run into problems I'll believe there is something to worry about.

[David Arbogast]

Not quite so safe...

Actually, the "Skulls.B" variant does not show pop-up massages except a single installatin security warning. In addition, the Cabir worm, which is deployed via Skulls.B was apparently found within Camtimer, a piece of free Nokia software.

If you search message forums, you'll find quite a large number of people working to clean these things off their phone. Some have lost complete use of their phones. Pop-up or no, I don't think the problem is too tremendously overstated. And a popup will not protect millions of unsavvy users... especially if they are downloading software from Nokia.