August 31, 2005 7:30 AM PDT
F-Secure: Commwarrior claims first big victim
F-Secure security expert Patrick Runald said Tuesday that an outbreak of the Commwarrior.B virus occured at an unnamed Scandinavian company last Wednesday.
"This is the first time a mobile virus has infected an organization," Runald said. "It's a particularly nasty version of Commwarrior, as it just doesn't give up."
Commwarrior targets mobile phones that use the Symbian Series 60 operating system, and the bug spreads using Bluetooth and multimedia messaging technology, or MMS.
There are a few variants of the bug. With Commwarrior.A, an infected phone will spend the period between 8 a.m. and midnight attempting to spread the infection to other phones. Between 7 a.m. and 8 a.m, it attempts to delete evidence of its activity.
Commwarrior.B, on the other hand, "will continuously try to send itself for 23 hours out of 24," Runald said. "It's nastier than CommWarrior.A."
One of the employees at the company in question apparently received Commwarrior.B via, and then activated it by opening the program. "The virus then sent itself to every address in the address book; it was opened by more employees, who activated it, and it spread," Runald said.
Warnings that the messages did not come from a secure source were apparently ignored by employees.
"Fortunately, this did not affect the operation of the company," Runald said. The operator at the company disabled MMS temporarily, and Bluetooth was also disabled, which prevented the spread of the virus. The phones were then disinfected.
Runald recommended this approach to any other company that becomes infected.
6 commentsJoin the conversation! Add your comment