Get Smart about Business Spending
- Related Stories
-
Lexus: Cabir won't infect our cars
February 17, 2005 -
Is your TV virus-proof?
February 11, 2005 -
Mobile Trojan launches Skulls attack
January 6, 2005 -
Cabir worm code wriggles onto Web
December 30, 2004 -
Hybrid Trojan horse aims at Symbian phones
December 21, 2004
The malicious software, dubbed "CommWarrior" and described as a virus by some antivirus companies, takes aim at the version of the Symbian operating system running on Nokia Series 60 handsets. F-Secure, SimWorks International and other security providers issued reports about the threat Monday.
CommWarrior attempts to spread by sending messages via Bluetooth wireless connections and Multimedia Message Service--different from the Cabir virus, which only used Bluetooth to proliferate.
MMS, a mobile technology for sending text messages that can also include images, audio or video, is built into devices from Ericsson, Motorola and others. CommWarrior, however, only affects Nokia Series 60 phones.
As MMS can be used to send text messages worldwide, it has a greater reach than the short-range Bluetooth and so could be forwarded more rapidly, researchers said.
"At its best replication speed, Cabir can only spread as quickly as planes fly," said Mikko Hypponen, antivirus research director at Finland-based F-Secure. "But MMS viruses are more comparable to e-mail worms like Bagle, MyDoom, Sobig and others. An MMS threat can travel around the world in hours, so in that regard, it's much more dangerous."
A representative for United Kingdom-based Symbian said the company is aware of the problem and researching the threat with Nokia and its security partners. Nokia could not be immediately reached for comment.
CommWarrior infects the telephone directory software in the Nokia handsets. It randomly selects one directory profile at a time and sends a copy of itself to that person. It can be sent to any kind of wireless gadget or computer, but if that device does not run the Symbian Series 60 software, it will not be infected. A recipient also has to accept and download CommWarrior in order for the Trojan to launch itself.
The Trojan uses more than 20 different messages to try to lure users into opening its file, including text designed to look like legitimate software updates from Symbian, or even pornographic photographs.
CommWarrior has been seen in the wild since the beginning of this year, Hypponen said. An element of the program that causes it to sleep for an undetermined period of time before attempting to spread itself may have helped slow its distribution, he said.
Researchers have noted two versions of the threat thus far, with the only major difference in the strains being the overall file size. Hypponen said there is some Russian-language text hidden inside the files, a clue that the threat may have been developed in that region.
An individual claiming responsibility for creating the threat has made it available for download via a Web site. The site offers no further information about the purported writer of the Trojan.
Based on a lack of consumer reports on the attack, researchers believe that CommWarrior has yet to infect a large number of devices. One reason for the relative dearth of infections may be that the Trojan is trying to send itself to large numbers of landline phones, as it cannot differentiate between mobile and traditional phone numbers.
See more CNET content tagged:
Cabir virus, MMS, Symbian Inc., Nokia Corp., threat
Thank You
Thank You
CWOUTCAST few days ago. since then, my mobile started to switch off while in use and even when on standby. Now appears on my screen, Infected by Commwarrior. by the way, my mobile is N7610.
Can u help?
CWOUTCAST few days ago. since then, my mobile started to switch off while in use and even when on standby. Now appears on my screen, Infected by Commwarrior. by the way, my mobile is N7610.
Can u help?
- by zifars July 12, 2009 9:46 PM PDT
- hello i dont know how did i get the trojan virus but can anyone help me get rid of it?pls coz my phone get easily shut down or easily drain my battery because of the virus i can only use it for only one hour when my batery is full charge ., i bought new battery but still like that pls help me
- Reply to this comment
-
(9 Comments)