========================================================================================
PREPARING FOR MOBILE PHONE VIRUSES
========================================================================================
Viruses for handheld devices are beginning to emerge. The first mobile phone virus, a worm named Cabir, running on Symbian OS mobile phones, was discovered on June 14th 2004, and the first Pocket PC virus appeared in July 2004. Although these viruses have not spread wildly, and are only a minor threat, they clearly demonstrate that mobile devices have become a target for virus writers.
========================================================================================
How much harm can these viruses cause?
========================================================================================
Cabir: Infects mobile phones running on Symbian OS. When a phone is infected, the message 'Caribe' is displayed on the phone's display and is displayed every time the phone is turned on. The worm then attempts to spread to other phones in the area using wireless Bluetooth signals.
Duts: A parasitic file infector virus and the first known virus for the PocketPC platform. It attempts to infect all EXE files in the current directory (infects files that are bigger than 4096 bytes).
Skulls: A trojan horse piece of code. Once downloaded, the virus, called Skulls, replaces all phone desktop icons with images of a skull. It also renders all phone applications, including SMSes and MMSes, useless.
Comwar: First worm to use MMS messages in order to spread to other devices. Can spread through Bluetooth too. It infects devices running under OS Symbian Series 60. The executable worm file, once launched, hunts for accessible Bluetooth devices and sends the infected files under a random name to various devices.
========================================================================================
Solution to this problem
========================================================================================
1. Always keep your Bluetooth connection switched off.
2. Always keep your Bluetooth in "Hidden" mode.
3. A real-time, up-to-date anti-virus client is required in all smartphones, with a mechanism for automatically delivering updates directly to the device.
========================================================================================
Anti-viruses I used personally
========================================================================================
F-SECURE MOBILE ANTIVIRUS - The best one I ever used - You need a GPRS connection to activate it - Can be downloaded from the NOKIA website & the F-Secure Mobile web site.
You can use it for 1 month free with full functions.
---------------------------------------------------------------------------------------------------------------------------------------------------------------
Kaspersky Anti-Virus Mobile 1.5 - Free version downloaded from the Kaspersky website
It's a trial version. It will expire in 2-3 weeks. When it does, just uninstall and reinstall; again it will work for 2-3 weeks.
---------------------------------------------------------------------------------------------------------------------------------------------------------------
SIMWORKS ANTIVIRUS - Free 1-month trial version available from the Simworks website
---------------------------------------------------------------------------------------------------------------------------------------------------------------
McAfee Virus Scan-Mobile - Same as Simworks. You will need GPRS to activate it. Can be downloaded from the McAfee Mobile website.
========================================================================================
======================================================================================
HOW NOT TO CATCH A MOBILE PHONE VIRUS
======================================================================================
-----------------------------------------------------------------------------------------------------------------------------------------------------------
Keep your Bluetooth switched off. Windows viruses come over the internet but the current bunch of variations on the Cabir virus comes over Bluetooth. You can use software such as Extended Profiles from PsiLoc to turn your Bluetooth on and off according to the time of day, so maybe you can use that to only have Bluetooth active when you're driving, for instance.
-----------------------------------------------------------------------------------------------------------------------------------------------------------
If you don't want to keep your Bluetooth off, make sure you can't be discovered. You can do this in the Bluetooth settings by changing 'My Phone's Visibility' to Hidden.
-----------------------------------------------------------------------------------------------------------------------------------------------------------
If you want to remain visible, or discoverable, then don't accept messages from strangers. If you're on the train and your phone tells you that there's an incoming connection, reject it every time. Don't go looking for the evil offender who cunningly tried to send it to you, however, since the chances are that they don't know what their phone is doing.
-----------------------------------------------------------------------------------------------------------------------------------------------------------
If, though, you want to receive a file from a stranger (some innocent fun can be had by sending and receiving funny pictures to and from strangers in public places - keep it clean), then check the file before opening it. If the name of the file ends with .sis, DELETE IT! The chances of a stranger sending you an innocent application at random are very slim and so if they've sent you an installer (which a .sis file is), it is very likely to be a virus.
-----------------------------------------------------------------------------------------------------------------------------------------------------------
If you've accidentally opened the file, just cancel the install when you're warned about its security. Symbian Smartphones are very careful about security and will hold your hand all the way through an install process for new software - the only thing it won't do is force you to not install it.
So, as you can see, you can make it impossible for your Smartphone to become infected. Here alone, you can see the steps you can take to make a virus' life difficult.
-----------------------------------------------------------------------------------------------------------------------------------------------------------
Ultimately, nothing can be installed onto your Smartphone without your permission so, unless you're in the process of installing some software, reject everything that tries to install.
-----------------------------------------------------------------------------------------------------------------------------------------------------------
For extra peace of mind, you can install anti-virus software onto your phone (see online shops such as Handango for a number of available applications - but keep away from TSG Phone Safe though), but ultimately, your Smartphone's security is only as strong as the weakest link. Don't let that link be you.
======================================================================================
Thanks Binoj. Now they are after mobiles and PDAs.
Recently in a meeting I searched for mobile devices from my phone, and the list I got surprised me. About 8 names. They had left Bluetooth on.
Hmm... yeah, people are so ignorant about all these..
Leaving one's Bluetooth constantly on not only increases the risk of virus infection but also burns battery heavily.
Terror runs... on wireless lines: a 10-month chronicle of attacks
-------------------------------------------------------------------------------------------------------------------------------------------------------
Let's recap briefly the events that have defined the past months.
-------------------------------------------------------------------------------------------------------------------------------------------------------
Spring 2004 – Mosquitos, the game infected by a trojan, opens the door for this new era of piracy aimed at cellular phones: it sends messages to expensive toll numbers, causing considerable economic loss to its unwitting victims.
June 15th: it's Cabir's turn; the worm, the first version of which has been named Cabir.A, is the first virus to replicate through an active Bluetooth connection. Cabir attacks phones with a Symbian operating system.
June 16th, 2004: Only one day later, a new version Cabir.B makes an appearance, and will continue its spread mainly in China, India, Turkey, Finland and the Philippines. To this day, this worm continues to hitchhike around the world, with the owners of infected devices.
July 2004: Pocket PCs are targeted for the first time and the protagonist of these attacks is Duts. Behaving like a traditional parasite virus, it attacks the Pocket PC's programs and spreads each time infected programs are exchanged. Nicknamed “the polite virus”, when a program hit by Duts is activated, a message appears asking the user permission to proceed: “Dear User, am I allowed to spread?”. If the user mistakenly grants authorization, the virus will infect all .EXE files present in the directory.
August 2004: in Summer 2004, handheld devices are targeted once again. A few days after the reporting of Duts, it is Brador's turn, a backdoor that creates a copy of itself in the start file and informs the hacker the minute the device is online. The hacker can then connect to the palmtop through the TCP door and covertly control the device.
November 19th, 2004: Symbian-based smartphones return once again and become the target of hackers. The first appearance of Skulls, the first version of which is called Skulls.A. Skulls hides behind files named Extended Theme Manager or Timer Room. If erroneously installed, the trojan blocks the functioning of smartphone applications, allowing the user only to make or receive phone calls. All other functions - messages, browser, and several other applications - get blocked and the screen, instead of the usual icons, displays skulls. What makes the trojan even more troublesome is the fact that removal can be quite difficult and sometimes even cause the loss of all information installed on the phone, including numbers, agenda and saved messages.
-------------------------------------------------------------------------------------------------------------------------------------------------------
November 29th, 2004: the month ends with the first variation of Skulls: Skulls.B. As previously, the trojan is spread through a file called Icons.SIS that, if installed on a smartphone, blocks the functioning of the cellular device's applications, allowing the user only to make and receive phone calls, and deleting all other functions. If that weren't enough, Skulls also carries the worm Cabir.B, making this threat particularly dangerous.
December 22nd, 2004: Another wave of malware spreads disguised as the cracked copy of the popular cellular phone game Metal Gear Solid. The virus, called MGDropper, installs itself when the unwitting user downloads the game on the smartphone. When launched, MGDropper installs versions of Skulls and Cabir and tries to undermine the security products installed on the phone.
December 26th, 2004: In a six-month time span, versions of Cabir multiply and the versions Cabir.H and Cabir.I make an appearance. Both target cellular phones with a Symbian 60 Series operating system but their appearance attracts the attention of researchers for one main reason: these two versions seem in fact to be re-written versions based on Cabir's original source code. This means that, in a silent but insidious way, part of the source code is continuing to spread in the depths of the web. As a result, sources are still available to authors of cellular phone malware, with all the associated risks.
January 11th, 2005 – The new year starts with a troubling report that bears the name Lasco.A. This time as well, cellular phones with a Symbian operating system and an active Bluetooth connection are targeted. Lasco.A combines viruses and worms: once the phone is hit, replicating the behavior of the notorious Cabir, the worm starts to search for other active Bluetooth devices so it can replicate and look for .sis files to infect.
February 1st, 2005 – It's the turn of the Locknut.A trojan (also nicknamed Gavino.A and B by some anti-virus companies). Aimed at phones with a Symbian 7.0 operating system, this new phenomenon arouses interest not so much because of its severity but because it is a Symbian SIS trojan file that substitutes a binary file, blocking the phone and preventing any application from opening. Its blocking methods are similar to those of Skulls but are more complete. Although initially it was thought that, once hit by Locknut.A, the phone becomes unusable even for phone calls, it has been verified that phones can still make and receive phone calls, while losing all other functionality normally available on a smartphone device.
March 3, 2005 – CommWarrior.A started creating unwanted billing for infected Series 60 users. This virus, however, adds a new layer of sophisticated intelligence, using Bluetooth during daytime for spreading and sending MMS messages at night. The latter feature is very bad from the user’s point of view because CommWarrior is able to create considerable costs by sending multiple MMS messages. The MMS messages contain variable text messages and the CommWarrior SIS file with the filename commw.sis. To get infected the user has to accept the installation dialogue but once done, detection is difficult. The global spread of CommWarrior.A has been rapid.
Quote:
The most common reason why people have installed Commwarrior from an MMS message is the trust that they have with the sender. People are typically wary of messages that they receive from unknown sources, but quite willing to install whatever has been sent from a friend’s mobile. This is a phenomenon that we have also seen with E-Mail worms; the plain fact is that people just are unwilling to mistrust something coming from a friend.
March 18, 2005 – Locknut.B will cause the operating system to crash by preventing any application from launching. It lures the user to install itself by pretending to be a patch for Series 60 phones. Locknut.B also contains Cabir V which spreads through Bluetooth just like the earlier variants of Cabir.
April 4, 2005 – Fontal.A is a SIS file trojan that installs a corrupted Font file into the infected device, thus causing the device to fail at the next reboot. If a phone is infected with Fontal.A, it must not be rebooted since the trojan will prevent the phone from booting again. If the phone is rebooted, it will try to boot, but will be forever stuck on phone startup and cannot be used. In addition to installing the corrupted font file, Fontal.A also damages the application manager so that it cannot be uninstalled, and no new applications can be installed before the phone is disinfected.
May 9, 2005 – Skulls.K is a variant of previous Skulls versions. It replaces the system applications with non-functional versions, drops the SymbOS/Cabir.M worm into the phone and disables third-party applications that could be used to disinfect it, such as FExplorer and EFileman.
====================================================================================
And the story continues...........