Security software firm F-Secure announced today that it has found another piece of mobile phone malware, this one a Trojan horse called Fontal.A, which can cause Nokia 60 series phones running Symbian to crash. Analysts say that while mobile malware is likely to become a bigger problem over time, so far the attacks have been proof-of-concept, or malware written just to prove it can be done.
“Sometimes virus creators send them [software security companies] stuff trying to show off,” Roger Entner, vice president, wireless telecom, Ovum.
“It’s like the 16-year-old kid who wants to show off but doesn’t have the guts to let the virus out into mankind.”
Fontal.A works differently from other reported mobile phone malware, which propagate either through Bluetooth or MMS (multiple message service) technology for sending text messages. Mobile phone users could pick up the Trojan horse through a peer-to-peer file-sharing network or IRC (Internet relay chat). If a phone is infected, it will install a corrupt font file.
Once the file is installed, F-Secure said the phone must not be rebooted because the Trojan will prevent the reboot and the phone will be stuck on startup. The fix would be to reformat the phone, but that means all data stored within it, such as phone numbers, are lost.
Not a Big Deal
Entner wasn’t convinced there was much of a threat. “This is really farfetched. You have to ask for it and go out looking for it,” he said. “Mabir is much more viable threat. There are enough gullible people out there that they may install something from a text message,especially if they think it came from a friend.”
Mabir sent itself to mobile phone users in the guise of a reply text message from a friend.
David Friedlander, senior analyst, Forrester Research, told TechNewsWorld that there are more worrisome security risks for mobile phone users.
“There are a handful of examples of malicious code, and none of them have spread rapidly. Mobile devices face a much greater security threat from device loss or theft,” he said. “At minimum, users and enterprise IT should make certain a phone or PDA’s password feature is enabled to protect the information on it. A little common sense also goes a long way — don’t open unknown attachments or load files from unknown sources on your phone or PDA.”