- Related Stories
-
Skulls on cell phones don't scare Symbian
November 22, 2004 -
Skulls program kills cell phone apps
November 19, 2004 -
Trojan horse drives spam into cell phones
November 9, 2004 -
Mosquito software bites smart phones
August 12, 2004 -
First virus for Windows CE surfaces
July 16, 2004 -
Smart-phone worm has a hang-up
June 15, 2004
The hybrid Skulls.B Trojan horse displays images of skulls instead of the program icons on handsets running the Symbian operating system, software maker F-Secure said in an advisory Monday. It also releases the Cabir.B worm, the company said.
Cabir, which asks its victims if they would like to be infected, was thought to be a proof-of-concept virus when it was released earlier this year. The virus spreads by sending itself to other handsets within Bluetooth broadcasting range.
Phones infected with the Skulls.B hybrid can infect nearby handsets with Cabir. The Trojan horse, though, can only be downloaded and does not spread using Cabir as a vehicle. Skulls was originally distributed on Symbian shareware Web sites as "Extended Theme Manager."
When infected with Cabir, a phone displays the word "Caribe" on a screen as the worm modifies the Symbian operating system and looks for other cell phones to target.
F-Secure said that cell phones from manufacturers such as Nokia, Siemens, Panasonic and Sendo were vulnerable. It has posted advice on disinfecting cell phones on its Web site.
But Symbian has said in the past that the Trojan horse only affects mobile phones running Nokia's Series 60 software. The software developer could not be immediately reached for comment.
Mikko Hypponen, director of antivirus research at F-Secure, said that Skulls represents only a mild threat to mobile device users at this point, based on its Trojan horse design. But he said the program is indicative of a growing effort among virus writers to target wireless handsets.
"Obviously what we're seeing here are the early days of a new platform, with the bad guys trying to find different ways to attack (cell phones) and test out different technologies," Hypponen said. "Skulls' existence shows that there is increasing activity in the underground looking at phones and genuine interest in how to write Trojans, backdoors and viruses for these devices."
In addition to creating something of a template for future mobile device viruses, Hypponen said that Skull's existence highlights the fact that phones may be more vulnerable to attacks than other devices, based on their direct ties to systems that deal with purchases and other transactions.
"The biggest difference from PC viruses to phone applications are the direct links to money," he said. "If you can infect a phone you can immediately begin making calls or sending text messages to toll numbers in order to steal from someone. The theft will happen a lot faster than it did with PCs."
Dan Ilett of ZDNet UK reported from London.
See more CNET content tagged:
Cabir virus, Symbian Inc., F-Secure Corp., handset, worm
Symbian OS allows native code to be downloaded and executed. There is no verification of the code executed. For example, an apparently harmless application labelled "personal diary" can turn into something malicious after installation and there is nothing the platform will do to prevent that. That's exactly what's happening with Skulls/Cabir.
Trojan's are nothing new however - you can install programs onto your PC too that appear to do something useful but are in fact malicious. I think that if a PC doesn't do something then expecting a smartphone, with its correspondingly smaller resources, probably is asking too much.
As with PC's, there is no simple answer to the problem of viruses and other malware for phones. The Symbian Signed program is a start (you can rely on a Symbian Signed app not to be malicious) but ultimately most of the software that people download to their phones will not be signed and so fairly shortly we'll all need to pick up one of the Symbian anti-virus applications that are now available through sites like Handango.
Kind regards,
Aaron Davidson.
http://www.simworks.biz
Symbian OS allows native code to be downloaded and executed. There is no verification of the code executed. For example, an apparently harmless application labelled "personal diary" can turn into something malicious after installation and there is nothing the platform will do to prevent that. That's exactly what's happening with Skulls/Cabir.
Trojan's are nothing new however - you can install programs onto your PC too that appear to do something useful but are in fact malicious. I think that if a PC doesn't do something then expecting a smartphone, with its correspondingly smaller resources, probably is asking too much.
As with PC's, there is no simple answer to the problem of viruses and other malware for phones. The Symbian Signed program is a start (you can rely on a Symbian Signed app not to be malicious) but ultimately most of the software that people download to their phones will not be signed and so fairly shortly we'll all need to pick up one of the Symbian anti-virus applications that are now available through sites like Handango.
Kind regards,
Aaron Davidson.
http://www.simworks.biz
The Cabir worm found in Skulls.b was packaged with an application called Camtimer, a piece of free Nokia software. The Camtimer/Cabir.b worm combo (Camtimer.a) packaged with Skulls.b was not pack correctly and the Cabir virus would not auto-start.
This new variant, Camtimer.b has been packaged correctly and so in this version Cabir will auto-start.
The installation file for Camtimer.b is called CAMTIMER.sis and Series 60 phone users should exercise caution if downloading this from untrusted sites and consider purchasing anti-virus software for their phones from reputable sites such as Handango.
Best regards,
Aaron Davidson.
http://www.simworks.biz
- Camtimer.b now discovered
- by aldsimworks December 2, 2004 11:16 PM PST
- Symbian virus writers have now decided to have another go at this. SimWorks has identified a new variant of the Camtimer/Cabir combo originally included in Skulls b, this time seperate from the Skulls trojan.
- Like this Reply to this comment
-
(8 Comments)The Cabir worm found in Skulls.b was packaged with an application called Camtimer, a piece of free Nokia software. The Camtimer/Cabir.b worm combo (Camtimer.a) packaged with Skulls.b was not pack correctly and the Cabir virus would not auto-start.
This new variant, Camtimer.b has been packaged correctly and so in this version Cabir will auto-start.
The installation file for Camtimer.b is called CAMTIMER.sis and Series 60 phone users should exercise caution if downloading this from untrusted sites and consider purchasing anti-virus software for their phones from reputable sites such as Handango.
Best regards,
Aaron Davidson.
http://www.simworks.biz