Symbian Skulls: A Virus by Any Other Name?

By Carol Ellison  |  Posted 2004-11-24 Print this article Print

Opinion: Whatever you call it, the latest intrusion into the Symbian operating system serves as another reminder that the security battle has gone mobile.

Whether you call it malware or a badly written application, the skulls that showed up on a Symbian-based Nokia 7610 phone prove the battle to secure wireless data is stretching to new frontiers. The jury is still out on whether the suspect app, which puts skulls where your screen icons should be and limit the 7610 to making and receiving calls, is truly malware. Symbian notes that phone users must install the bad app intentionally before it will do any harm. OK, so its not a virus: It doesnt propagate itself. And, once its on the phone, it doesnt go anywhere. So its not a worm. Technically, you could argue as Symbian has that this isnt malware. But from where I sit, this little app looks pretty odious. Even if it isnt likely to do a great deal of damage to a great many users, its one more reminder that the battle to secure data is moving to mobile platforms where the potential for widespread infection and disruption in communications is gargantuan.
Mobile malware isnt really new and its been obvious for some time that virus writing isnt just for Microsoft haters anymore. We need to break the sentiment that standardizing on operating systems other than those that come out of Redmond is some sort of insurance policy against infection.
Malware writers go for maximum damage. Its no surprise that, as Symbian bests Windows CE in the mobile market, phones running the Symbian operating system have become targets. Skulls isnt the first virus, bad code or ... whatever to appear on operating systems that arent Windows and platforms that arent Intel. And malware ... or whatever-ware ... has clearly gone mobile. It was four years ago that Kaspersky Labs identified the first mobile virus—a nasty little worm called Timofonica that hit GSM phones, generating calls to customers of the Spanish phone company Movistar with disparaging messages about the company. It didnt destroy data and was propagated by computer, not the phone system. Nevertheless, Timofonica caused sufficient uproar that, days after it appeared, members of the anti-virus community announced they were starting work on tools to protect mobile platforms. The concern was great enough that Symantec started work on anti-virus software for the Palm operating system even before a Palm virus was reported. The companys anti-virus product for Palm has been on the market for more than a year. The past few months have given us more to worry about. Kaspersky Labs delivered more troubling news in June when it identified a network worm called Cabir that could infect the Symbian OS. That one, like this recent one, required action on the part of the user before it could infect a phone. But does that mean its nothing to worry about? Click here to read what Peter Coffee has to say about mobile malware. For now, perhaps, but a Nokia spokesperson summed up the concern when I asked about it in June. "Weve always known that malicious software could emerge as an issue in mobile phones as these products became more sophisticated," he said. Emergence is happening now. A little more than a month after Kaspersky reported Cabir, experts identified the first Windows CE virus. This latest intrusion into the Symbian OS is yet another reminder that the security battle goes beyond platforms and that mobile phones—with an installed base that compares with computer installations like the population of China does to that of Rhode Island—offer an invitation to Neverland to those who get their kicks from the mess they can make of anothers data. As computing continues to downsize from desktop to laptop, from handheld to smart phone, and the devices we use to make mobile calls pick up heavier and heavier loads as data communications devices for road warriors, mobile operating systems will gain appeal among malware writers. So should we call skulls malware or something else? Well, whats in a name? If traditional references dont quite fit the situation, maybe we should come up with a new one. My vote goes to "cell hell." How about yours? Write me with your nominations. More commentary from Carol Ellison: Check out eWEEK.coms for the latest news, reviews and analysis on mobile and wireless computing.
Carol Ellison is editor of's Mobile & Wireless Topic Center. She has authored whitepapers on wireless computing (two on network security–,Securing Wi-Fi Wireless Networks with Today's Technologies, Wi-Fi Protected Access: Strong, Standards-based Interoperable Security for Today's Wi-Fi Networks, and Wi-Fi Public Access: Enabling the future with public wireless networks.

Ms. Ellison served in senior and executive editorial positions for Ziff Davis Media and CMP Media. As an executive editor at Ziff Davis Media, she launched the networking track of The IT Insider Series, a newsletter/conference/Web site offering targeted to chief information officers and corporate directors of information technology. As senior editor at CMP Media's VARBusiness, she launched the Web site, VARBusiness University, an online professional resource center for value-added resellers of information technology.

Ms. Ellison has chaired numerous industry panels and has been quoted as a networking and educational technology expert in The New York Times, Newsday, The Los Angeles Times and The Wall Street Journal, National Public Radio's All Things Considered, CNN Headline News, WNBC and CNN/FN, as well as local and regional Comcast and Cablevision reports. Her articles have appeared in most major hi-tech publications and numerous newspapers and magazines, including The Washington Post and The Christian Science Monitor.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel