Mobile malware writers 'think outside the square'

Just days after the alleged first Windows CE Trojan horse was identified, a Trojan for rival mobile operating system, Symbian, was discovered.

The Symbian Trojan infects phones using the Series 60 user-interface platform to run an illegally adapted version of the game Mosquitos, Symbian said earlier this month. The result of infection, says the company, could be phones sending text messages around Europe without users knowing.

The illegal version of Mosquitos is distributed through warez Web sites, illegal download sites and peer-to-peer networks and Symbian has warned users to only download mobile phone software from trusted sources such as those carrying its own Symbian Signed certification.

Chris Auld, managing director of mobility software specialist Kognition, spoke to Computerworld earlier this month about Backdoor.Bardor.A, the first Windows CE Trojan. He says it wasn't a serious threat, but was a harbinger of more serious mobile worms and viruses that would come once virus writers started looking "outside the box".

He sees the Mosquitos Trojan as being an example of that. "This virus is exactly the sort of 'outside-the-square' thinking I said virus makers would start doing," he says. "They're using some of the innate features of the phone as a platform, such as SMS support, and are exploiting it to cause real damage."

The situation with Symbian is different to Windows CE, he says. "The interesting thing to note with Symbian is that applications, and thus worms and viruses, are generally only going to run on a subset of all Symbian devices. Symbian doesn't have quite the 'write once, run anywhere,' story you'd get with CE, but there are a number of devices, all on the Vodafone network, that will potentially be affected by this issue."

He says Symbian's advice to only download software from trusted sources is sound, but adds a note of caution about carriers requiring too much of developers when it comes to getting applications certified. "Those sort of 'trusted computing' mechanisms will really help ensure that the sort of virulent outbreaks we've seen on desktop platforms will be unlikely to occur in the device space.

"It's obviously important for small developers like ourselves that the bar, in terms of cost and time, isn't set too high when it comes to having apps certified and signed," says Auld.

According to gamer websites, the Trojan is a dialer Trojan, one designed to dial without the user knowing and will dial text messages at one and a half pounds sterling a go. The game allows users to shoot mosquitos on screen in a "virtual reality" type of atmosphere, according to the informit.com Web site.

• Bookmark this page
• Share this article
  •  
  • facebook
  • slashdot
  • digg
  • Reddit
  • stumbleupon
  • linkedin
  • twitter
• Got more on this story? Email ARN
• Follow ARN on twitter

• Share
  Share this article

  •  google+
  • facebookfacebook
  • slashdotslashdot
  • diggdigg
  • RedditReddit
  • stumbleuponstumbleupon
  • linkedinlinkedin
  • twittertwitter
• print
• email
• Bookmark