|
IT Developments
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Analysts See Alarming Development in Mobile Malware
- From: Brian Warkoczeski
- Date: Thu Jul 16 12:18:51 2009
Analysts See Alarming Development in Mobile Malware
By Jeremy Kirk, IDG News Service
July16, 2009
www.yahoo.com
The first worm that spreads between mobile devices by spamming text
messages has developed a new communications capability that one security
vendor says signals the arrival of mobile botnets.
Trend Micro has analyzed a piece of mobile malware known as "Sexy
Space," which is a variant of another piece of mobile malware called
Sexy View, which targets devices running the Symbian S60 OS.
Sexy View, which was detected by vendors such as F-Secure six months
ago, is significant because it is the first known malware sample that
spreads by SMS (Short Message Service). It appeared initially in China.
Infected phones would send SMSes to everyone in the phone's contact list
with a link to a Web site. If someone clicked the link, they would then
be prompted to install Sexy View, which purports to offer
pornography-related content.
In another advancement, those who wrote Sexy View were able to get the
application approved and signed by Symbian. The OS manufacturer, now
owned by Nokia, vets applications for security using both manual and
automated processes, said Mikko Hypponen, chief research officer for
F-Secure.
Sexy View's creators were somehow able to subvert that automated vetting
process, allowing the application to access functions such as SMS,
Hypponen said. The latest variant, Sexy Space, is also signed by Symbian.
But in the latest alarming development, Trend Micro analysts have found
that Sexy Space is capable of downloading new SMS templates from a
remote server in order to send out new SMS spam, said Rik Ferguson,
senior security advisor for Trend.
No malware for a mobile device has been know to do that before. Analysts
at Trend had "heated internal discussions" about whether Sexy Space
qualified as botnet code, Ferguson said.
Sexy Space is also capable of stealing subscriber and network
information from the device and sending it to a remote server, Ferguson
said.
Sexy Space confirms what analysts such as Hypponen and Ferguson have
said since late last year: As mobile devices take on greater
functionality and operate like minicomputers, it's likely they will be
targeted by malware writers and eventually lassoed into botnets.
Botnets -- arguably one of the biggest security threats facing the
Internet -- are networks of hacked computers that can be used to send
spam, conduct denial-of-service attacks on Web sites or steal data.
Hypponen said F-Secure analysts had not confirmed that Sexy Space calls
on a remote server, and Trend engineers are still studying where the
remote server is located.
It's not clear now many phones may be infected. But one Beijing mobile
security vendor, NetQin Tech, wrote on its blog that infections had been
widespread in China and Saudi Arabia.
F-Secure informed Symbian about the malware. It is possible for network
operators to revoke the certificate that allows an application to run on
a Symbian phone, Hypponen said.
But the revocation mechanisms are not automatic, and depending on the
operator's setup, it may not work for all phones, Hypponen said.
F-Secure has a writeup of the malware, also known as "Transmitter" at:
http://www.f-secure.com/v-descs/worm_symbos_yxe.shtml
Trend has also posted an analysis at:
http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=SYMBOS_YXES.B&VSect=T
|
|
|
