|
More
mobile phone worms appear
- Gary Thayer, News Editor
Jan.
12, 2005 -- (MobileVillage) -- In 2005, mobile phone users
will no longer be immune to viruses. Last month saw the inroduction
of the Skulls
trojan, and more viruses are now expected since the writer
of the Cabir virus allegedly posted
the source code online in late December.
Lasco
lassos file-sharers
The latest
Symbian Series 60 mobile phone worm, called Lasco-A, can spread
both through short-range wireless Bluetooth technology and
by attaching itself to files. These two spreading tactics
are common to Windows viruses but were previously unheard
of in mobile phones.
According
to the Finnish anti-virus company F-Secure, there are no reports
of actual Lasco-A infections in the wild, so the risk is low.
Users can protect their phones with mobile anti-virus software
from companies such as F-Secure, Trend Micro and Symantec.
On Series
60 phones, the Lasco worm attaches itself to SIS (Symbian
Installation System) files, which potentially allows it to
be spread when users exchange applications or files.
Like
the Cabir phone worm, Lasco-A also spreads over Bluetooth
connections,. The virus scans Bluetooth-enabled phones in
the vicinity and will pass on the corrupt file to others if
they unknowingly accept the file, according to F-Secure. Lasco-A
is based on the same source as the new Cabir-H variant (see
details below.)
Cabir
code creates concern
The past
several weeks have seen new variants of the Cabir mobile phone
worm, with the latest Cabir variants being Cabir.H and Cabir.I,
according to F-Secure. While F-Secure has not found Cabir.H
and Cabir.I on actual phones yet, the company says that it
is probably just a matter of time, since the virus writer
behind these variants has publicly posted them on a web page.
According
to F-Secure spokesperson Marie Clark, these new Cabir variants
fix a flaw that was hindered the spread of the original Cabir.
Cabir originally would only spread to one new phone per reboot.
"That explains why it so far has only managed to spread
to eight countries (as far as we know), despite being in the
wild for months already," Clark says.
Cabir.H
and Cabir.I can spread to an unlimited number of phones per
reboot. As soon as a suitable target phone is seen, the worm
sends itself there as a Bluetooth file transmission and keeps
sending itself to that phone while it is still in range. Once
the target phone leaves the area, Cabir.H will find a new
target and continue spreading.
"This
means that in conditions where people move around and new
phones come in contact with each other, the Cabir.H and Cabir.I
can spread rapidly," says Clark.
Other
than spreading, the new Cabirs don't do anything directly
destructive or malicious, says F-Secure's Clark. However,
they do block all normal Bluetooth connectivity and they also
quickly drain the infected phones battery.
Preventing
future attacks
F-Secure
predicts that in the future, we will likely see new kinds
of attacks: trojan horses in games, screensavers and other
applications – resulting in false billing, unwanted disclosure
of stored information, and deleted or stolen user data.
Many
anti-virus companies, including F-Secure, Trend Micro and
Symantec, offer antivirus software for mobile phones that
can detect new versions of Cabir and Lasco.
Recent
Related Stories:
Trend
Micro releases free mobile security software for mobile devices
VisKey
protects enterprise handhelds with images
Skulls
mobile download kills cell phone apps
Poll:
56% of U.S. cellphone users don't want a listing in planned
wireless directory
Back
to MobileVillage News Page
|
Daily
News for
