Forwarded from: L. Easterly <corqpub (at) gmail.com> http://www.itnews.com.au/News/68749,mobile-worm-spreads-through-networks.aspx By Iain Thomson itnews.com.au 23 January 2008 Experts are warning of a new worm spreading across mobile networks via Symbian phones. The worm is similar to the CommWarrior mobile virus, and initially fooled researchers into believing that it was not new. However, it is actually a new class of mobile virus which spreads via file extensions named 'beauty.jpg', 'sex.mp3' and 'love.rm'. "We first thought that this was a CommWarrior clone," said Guillaume Lovet, threat response manager at Fortinet. "But there are several differences. It is 40 per cent larger for one thing, and we are investigating whether it contains a hidden malicious package." Lovet added that the new virus is not totally automated since it requires the user to install the malware, which does not appear as an application in file listings. The phone also asks users to confirm that they want to download the code. The worm is unusual in that it prompts the handset to call numbers belonging to a major mobile phone network in China. F-Secure warned that a second worm, similar to the first, is now on the loose and offers similar advice. "Both of these worms have been able to escape attention for at least a while with the simple trick of pretending to be common media files," said the company in its blog. "As there are a lot of JPG and other media files travelling over MMS all the time it is no wonder that it took a while for people to realise that there is a new worm on the loose. "If you have a Symbian S60 phone and you receive a media file answer 'no' to any installation prompt that appears when trying to open the file. "There is no reason for any image file to ask installation questions on the Symbian platform, so any image or sound file that does something other than play immediately is something other than it claims to be." Copyright 2008 vnunet.com ___________________________________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Wed Jan 23 2008 - 22:36:56 PST