Thursday, 20 September 2007

New Age Malware

We were busy brainstorming in one of our many editorial meetings; it was well past our lunchtime and some of us were quite understandably getting restless. A few continued with their ideas, backing them up with facts and figures, while others took turns betting on the menu in the canteen that day. In the middle of this, one of our (hungry) reviewers received a text message. It turned out to be a spam message sent via Bluetooth. He had forgotten to turn Bluetooth off after transferring files from his computer. Our attention now shifted from filling our empty stomachs to the source of that trash Bluetooth message. Eliminating those who did not have Bluetooth-enabled phones, we finally homed in on the culprit: our unsuspecting illustrator. His mobile phone was infected with a Trojan that was periodically sending rubbish messages via Bluetooth to neighboring devices. The poor old chap was quite embarrassed and completely at a loss as to how he managed to contract this pest on his phone. There are many more like him, naive and clueless of this new menace: mobile phone malware. If he were a little more careful with his "connectivity settings", he would not have faced this problem in the first place. The infection was not a dangerous one (he did not lose any information), but if his phone could be so easily infected then it could be open to smarter intrusions. To drive my point home, enable Bluetooth on your phone in a public place (a restaurant or a park) and search for more devices in the area. There will be phones that might require authentication (with pass codes that can be easily guessed) or ones that will willingly pair up with your device!

F-Secure, a Finnish anti-virus company, did something similar but on a much larger scale by conducting a Bluetooth test at CeBIT (held in Hannover, Germany) this year. They built a "Bluetooth honeypot", a device with a 100-meter range that identified itself as a phone in discoverable mode. The honeypot was capable of identifying the devices found in its vicinity: ones that had Bluetooth, enabled or not. By the end of the trade fair, which goes on for a week, it had identified 12,500 unique devices; that's almost 1,800 devices a day! The trade fair was the perfect playground to spread malicious code, overwrite system files, SMS premium numbers et al. This did not happen because the honeypot was only designed to identify the devices within a hundred-meter radius, but it can be used to accept file transfers and scan for viruses. F-Secure hopes this concept will be used to scan devices at check points in enterprises to curb the spread of any mobile viruses. But are there so many mobile viruses out there in the wild, or are they just being a little too paranoid? Many still discount the mobile phone virus scare as one that is over-hyped. Even as the skeptics continue to voice their opinions, anti-virus organizations have released products aimed at protecting PDAs (handhelds) and smart phones (using the Symbian or Windows CE/Pocket PC/Mobile OS). Does this really mean that there is a cause for concern, or is it just another ploy to feed off people's paranoia?

Evolution: a natural process

The story is quite simple: ever since some brilliant scientists brought computing power from the mainframe rooms to our desktops, we have learnt to rely heavily on the machines. It didn't take time for another bunch of intelligent minds to cook up programs that could get hold of the personal information stored on your computer. It was time to turn to anti-virus software to prevent them from causing havoc on your office or home machine. And if that weren't good enough, the next resort was installing a firewall. Next, spyware made its appearance and wreaked havoc on desktops, with rootkits toeing the line.

The reason for so many attacks is the increasing number of desktop and notebook users. A regular desktop or a notebook holds personal records, e-mails, documents, pictures, etc. Handhelds, being able to store the same sort of information, are being exposed to the same risks today. With convergence as the buzz word, smart phones are becoming more popular. Be it a Palm Treo, a Blackberry, an O2 or a simple Symbian Series 60 phone, everyone wants to be the proud owner of these devices because of the sheer computing power they provide in your palms. But like everything else, convergence too has its share of disadvantages.

The mobile world was unaffected by viruses and worms till two years back, when anti-virus companies reported a mobile phone worm that could spread via Bluetooth connections. The worm, named "Caribe", appeared on many phones as "Cabir.A". Even though Cabir.A was written by coders who just wanted to show what could be done to any Bluetooth-enabled device within a 10-meter radius, nothing stopped others from taking advantage of this concept, and soon there were variants of it infecting mobile phones.

Ever since then there have been cases of Trojans, worms and malware infecting mobile phones all around the world. The numbers might not be staggering, since their footprints are sometimes limited to a country's service provider or the language. The Delf Trojan, for example, infected PCs around the end of 2004. It made use of Russian text-messaging services to send SMS to mobile phone users, another form of spam. In the same year the "Mosquito" virus affected Symbian-based Series 60 phones. The virus seemed to originate from pirated copies of a mobile game. The game company took ownership of that "virus". It had been planted to send information to their servers (in the form of text messages) about the use of illegal copies. The company had to remove this from the game after they received complaints.

Java-based Malware

The list of infections might not be as long when compared to the PC-related attacks, but there have been cases where Trojans (known as PbStealer) capable of stealing personal information from smart phones have been discovered by anti-virus companies. A lot of us store our account numbers, passport details and PIN codes on our phones. Phones that make use of more services like e-mail, voice mail, etc. are more susceptible to Trojans.

Last month, a Java-based infection called Redbrowser.A infected Symbian-based Series 60 and 80 phones by posing as a WAP browser that uses free text messages. It in fact uses only "premium" phone numbers and continues sending random messages till the service is terminated explicitly. The end result is a fat bill! Right now, it seems to have affected phones in Russia, but the moment these infections start crossing network and language barriers, users will face problems. The F-CommWarrior worm, for example, has been reported in five countries (including India) while Cabir has been sighted in 24. As you can see, worms are going international and at a rapid pace.
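
The behaviour described for Redbrowser.A, repeated text messages to premium numbers, leaves a recognisable pattern in an outbound SMS log. The following is an added example, not part of the original article: it flags any app that sends several premium-rate messages within a short window. The log format, app names, phone numbers and premium prefix are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: "timestamp | sending app | destination".
# App names and numbers are invented for illustration.
SAMPLE_LOG = """\
2007-01-15T10:00:05 | Messaging | +15550100
2007-01-15T10:00:10 | FreeWapBrowser | 90901234
2007-01-15T10:00:40 | FreeWapBrowser | 90901234
2007-01-15T10:01:15 | FreeWapBrowser | 90905678
2007-01-15T10:02:00 | Messaging | 90901234
2007-01-15T10:30:00 | FreeWapBrowser | 90901234
malformed line without separators
"""

# Assumption: premium-rate prefixes come from the operator's numbering plan.
PREMIUM_PREFIXES = ("9090",)

def parse_line(line):
    """Return (time, app, destination), or None for a malformed line."""
    parts = [p.strip() for p in line.split("|")]
    if len(parts) != 3:
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1], parts[2]
    except ValueError:
        return None

def find_premium_bursts(log_text, threshold=3, window=timedelta(minutes=5)):
    """Map each app that sent >= threshold premium SMS inside one window
    to the time the threshold was crossed. Expects lines in time order."""
    recent = defaultdict(deque)  # app -> times of recent premium sends
    alerts = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        when, app, dest = rec
        if not dest.startswith(PREMIUM_PREFIXES):
            continue
        sent = recent[app]
        sent.append(when)
        while when - sent[0] > window:  # expire sends outside the window
            sent.popleft()
        if len(sent) >= threshold:
            alerts.setdefault(app, when)  # keep the first crossing only
    return alerts

if __name__ == "__main__":
    print(find_premium_bursts(SAMPLE_LOG))
```

A single premium message from the regular messaging app stays below the threshold, so only the burst is reported.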

There are some minor infections to tackle as well, annoying nonetheless. While some might send you random text messages, others might wipe off all system fonts when you restart your phone or replace all the icons in the Menu with skulls. And in case you think Windows-based smart phones are unaffected, don't be so sure. Reports on malware designed for CE/Pocket PC/Mobile 5.0 might be fewer in number, but there seems to be enough room for intrusions, especially with the arrival of Java-based applications.

The Mobile Anti-Virus Researchers Association has reported a new kind of virus called "Crossover". This one infects a Windows Pocket PC when it syncs with the infected computer. Do not panic; this is another one of those concepts that demonstrates the chinks in mobile devices. The need of the hour is observing caution when reading mail or opening attachments from unknown senders. If the threat increases over the next few years (as more smart phones are bought), we will find ourselves updating our anti-virus software on our phones.

Different methods of protection

Third party software applications
Install anti-virus software made for the mobile OS. Trend Micro, F-Secure, Kaspersky Lab, Symantec and McAfee offer anti-virus and/or firewall solutions.

End-to-end solution
Usually used in a corporate scenario where the service provider offers secure connections and protection from spam in the form of messages, mail and suspect files.

Built-in security
The smart phone's operating system is built with fire-fighting and prevention capabilities. The phone manufacturer might either rely on a third party's software engine or create its own security layer in the OS.
