Double Trojan Targets Smart Phones
In a sign that mobile devices might be gaining favor as a target for virus creators, a new Trojan horse aimed at smart phones using the Symbian operating system has been discovered in the wild.
The Trojan, known as "MetalGear.a," was discovered earlier this week and attacks the smart phones, which are wildly popular among gamers.
The Trojan poses as a freeware version of the fight game "Metal Gear Solid," but once activated, it disables antivirus programs and installs a version of the Cabir worm.
That worm, which was identified earlier this year as the first ever widely circulated worm to target mobile devices, then attempts to use the Bluetooth wireless protocol to spread a second Trojan, known as "Sexxxy," to other devices within short-distance wireless range.
Australia-based mobile antivirus maker SimWorks International, which issued an alert this week, said the new attack showed an increasing level of sophistication in the mobile malware realm because the Trojan contains three distinct components and because if activated, it attacks a number of phone utilities, including ones that could be used to repair damage caused by the virus.
Using what appears to be a version of a popular game also can enable the Trojan to gain access to phones. One impediment to earlier viruses spreading has been a reluctance among phone users to activate executable files or agree to downloads because of the bandwidth and cost constraints of mobile computing.
Though most efforts to target mobile devices with malware have been deemed more of a nuisance -- the Bluetooth mechanism, in particular, is seen as an ineffective way to spread infection because it requires devices to be in close proximity to one another -- they are the tip of what could be a sizeable iceberg that could at least slow down some mobile technologies, F-Secure director of antivirus research Mikko Hypponen said.
Hypponen noted that before this past spring, no mobile viruses had been effectively deployed. Since then, the Cabir worm and at least one variant arrived. In July, F-Secure found the first virus that attacks the PocketPC operating system. Last month, a virus known as "Skulls" targeted Nokia smart phones.
"The Cabir worm has shown that at least one approach to spreading wireless viruses could be effective, if not devastating" he said. In fact, F-Secure has spotted infections of Cabir around the world as users with infected devices travel from country to country.
"The mobile security challenges are similar to what happens with PCs," Hypponen said, in the sense that open systems are favored so that information can be shared and because many users are lax when it comes to applying and using strong antivirus tools.
Some analysts say the security issues need to be addressed quickly before they become an impediment to the growth of more robust use of mobile devices, including everything from streaming music to mobile purchases.
However, others are hopeful the first few attacks will serve as a wake-up call to mobile carriers, makers of smart phone hardware and software, and users, educating them that these devices are no longer immune to the same type of attacks that target desktop PCs.
"The assumption that mobile devices are safe from these attacks is going away," Gartner research Vice President Phil Redman said. "While that might create some confidence problems, it should also serve as a reminder that there's a responsibility to ensure security that everyone who makes and uses these devices shares."
Either way, mobile commerce is going to grow, Redman said, with 2005 seen as an important year.
Several new streaming media services have been launched in recent weeks, including the Music Choice service from Sprint, a mobile-dedicated top-level domain is under consideration by the Internet's governing body and all major cell carriers are busy building out broadband wireless networks.