Mobile Virus
Wednesday, August 6th, 2008
Some mobile viruses – that is, viruses that infect Smartphones, cell phones, and handheld PCs – spread in the same way as traditional computer viruses, namely when you download programs or files that are already infected. In the case of mobile phones, that might mean downloading photos, video clips, ring tones, cell phone themes, or other programs.
The first instance of a mobile virus occurred in June 2004, when it was discovered that a company called Ojam had engineered an anti-piracy Trojan virus in older versions of their mobile phone game Mosquito. This virus sent SMS text messages to the company without the user’s knowledge. In July 2004, computer hobbyists released a proof-of-concept mobile virus named Cabir. This virus replicates itself on Bluetooth wireless networks.
Common mobile viruses:
Cabir, Duts, Skulls, Brador, Dampig, Locknut (Gavno), Qdial, Velasco, Commwarrior, WCE/Meiti-A, WinCE/InfoJack , WinCE/Mepos.A, WinCE.Infomeiti
Cabir infects mobile phones running on Symbian OS. When a phone is infected, the message ‘Caribe’ is displayed on the phone’s display and is displayed every time the phone is turned on. The worm then attempts to spread to other phones in the area using wireless Bluetooth signals. The Mabir.A virus affects Symbian Series 60 phones. Instead of just reading all phone numbers from the local address book, the Mabir.A listens for any SMS or MMS messages that arrive to the phone. When a message arrives, Mabir.A sends itself as MMS message to the sending phone number, thus posing as a reply to whatever message was sent to the infected phone. Duts, a parasitic file infector virus and is the first known virus for the PocketPC platform, attempts to infect all EXE files in the current directory (infects files that are bigger than 4096 bytes). Skulls is a trojan horse piece of code. Once downloaded, the virus, called Skulls, replaces all phone desktop icons with images of a skull. It also renders all phone applications, including SMSes and MMSes useless. Commwarrior is the first worm to use MMS messages in order to spread to other devices. It can spread through Bluetooth too. It infects devices running under OS Symbian Series 60. The executable worm file once launched hunts for accessible Bluetooth devices and sends the infected files under a random name to various devices. The Dampig trojan disables some system applications and third-party file managers and installs several variants of Cabir worm on the phone. This Trojan disables Bluetooth UI, system file manager, messaging applications and phone book on the infected hand-held. Also, Dampig will corrupt the uninstallation information in the system installer so that it cannot be uninstalled without being disinfected first.
The greatest threats to mobile phones are in these seven areas: Text messages, Contacts, Video, Phone transcriptions, Call records, Documentation and Buffer overflows. To protect the Windows Mobile API, Microsoft by default employs a certificate system. Only programs with signed certificates can call mobile APIs. This system works well until a user wants to add an unsigned program. Keep your Bluetooth switched off. Windows viruses come over the Internet, but the current bunch of variations on the cabir virus comes over Blue tooth. You can use software such as Extended Profiles from PsiLoc to turn your Bluetooth on and off according to the time of day. If you don’t want to keep your Bluetooth off, make sure you can’t be discovered. You can do this in the Bluetooth settings by changing ‘My Phone’s Visibility’ to Hidden.
Available Mobile Antivirus software:
- BullGuard Mobile Antivirus (Pocket PC).
- F-Secure Mobile Anti-Virus (Pocket PC).
- AirScanner Mobile Antivirus (Pocket PC and smartphone)
- Symantec AntiVirus for Handhelds (Pocket PC).
- Trend Micro Mobile Security (smartphone).
Related Links:
en.wikipedia.org
www.mobilephoneviruses.com
www.vnunet.com
www.mobiletopsoft.com