[ISN] Mobile worm spreads through networks

From: InfoSec News (alerts@private)
Date: Wed Jan 23 2008 - 22:32:50 PST


Forwarded from: L. Easterly <corqpub (at) gmail.com>

http://www.itnews.com.au/News/68749,mobile-worm-spreads-through-networks.aspx

By Iain Thomson
itnews.com.au
23 January 2008

Experts are warning of a new worm spreading across mobile networks via 
Symbian phones.

The worm is similar to the CommWarrior mobile virus, and initially 
fooled researchers into believing that it was not new.

However, it is actually a new class of mobile virus which spreads via 
files named 'beauty.jpg', 'sex.mp3' and 'love.rm'.

"We first thought that this was a CommWarrior clone," said Guillaume 
Lovet, threat response manager at Fortinet.

"But there are several differences. It is 40 per cent larger for one 
thing, and we are investigating whether it contains a hidden malicious 
package."

Lovet added that the new virus is not totally automated since it 
requires the user to install the malware, which does not appear as an 
application in file listings. The phone also asks users to confirm that 
they want to download the code.

The worm is unusual in that it prompts the handset to call numbers 
belonging to a major mobile phone network in China.

F-Secure warned that a second worm, similar to the first, is now on the 
loose, and offered similar advice.

"Both of these worms have been able to escape attention for at least a 
while with the simple trick of pretending to be common media files," 
said the company in its blog.

"As there are a lot of JPG and other media files travelling over MMS all 
the time, it is no wonder that it took a while for people to realise that 
there is a new worm on the loose.

"If you have a Symbian S60 phone and you receive a media file, answer 
'no' to any installation prompt that appears when trying to open the 
file.

"There is no reason for any image file to ask installation questions on 
the Symbian platform, so any image or sound file that does something 
other than play immediately is something other than it claims to be."

Copyright 2008 vnunet.com

