The jury is still out on whether the suspect app, which puts skulls where your screen icons should be and limit the 7610 to making and receiving calls, is truly malware. Symbian notes that phone users must install the bad app intentionally before it will do any harm.
OK, so its not a virus: It doesnt propagate itself. And, once its on the phone, it doesnt go anywhere. So its not a worm. Technically, you could argue as Symbian has that this isnt malware. But from where I sit, this little app looks pretty odious. Even if it isnt likely to do a great deal of damage to a great many users, its one more reminder that the battle to secure data is moving to mobile platforms where the potential for widespread infection and disruption in communications is gargantuan.
Mobile malware isnt really new and its been obvious for some time that virus writing isnt just for Microsoft haters anymore. We need to break the sentiment that standardizing on operating systems other than those that come out of Redmond is some sort of insurance policy against infection.
Malware writers go for maximum damage. Its no surprise that, as Symbian bests Windows CE in the mobile market, phones running the Symbian operating system have become targets. Skulls isnt the first virus, bad code or ... whatever to appear on operating systems that arent Windows and platforms that arent Intel. And malware ... or whatever-ware ... has clearly gone mobile.
It was four years ago that Kaspersky Labs identified the first mobile virus—a nasty little worm called Timofonica that hit GSM phones, generating calls to customers of the Spanish phone company Movistar with disparaging messages about the company. It didnt destroy data and was propagated by computer, not the phone system.
Nevertheless, Timofonica caused sufficient uproar that, days after it appeared, members of the anti-virus community announced they were starting work on tools to protect mobile platforms. The concern was great enough that Symantec started work on anti-virus software for the Palm operating system even before a Palm virus was reported. The companys anti-virus product for Palm has been on the market for more than a year.
The past few months have given us more to worry about. Kaspersky Labs delivered more troubling news in June when it identified a network worm called Cabir that could infect the Symbian OS. That one, like this recent one, required action on the part of the user before it could infect a phone. But does that mean its nothing to worry about?
For now, perhaps, but a Nokia spokesperson summed up the concern when I asked about it in June. "Weve always known that malicious software could emerge as an issue in mobile phones as these products became more sophisticated," he said.
Emergence is happening now. A little more than a month after Kaspersky reported Cabir, experts identified the first Windows CE virus.
This latest intrusion into the Symbian OS is yet another reminder that the security battle goes beyond platforms and that mobile phones—with an installed base that compares with computer installations like the population of China does to that of Rhode Island—offer an invitation to Neverland to those who get their kicks from the mess they can make of anothers data.
As computing continues to downsize from desktop to laptop, from handheld to smart phone, and the devices we use to make mobile calls pick up heavier and heavier loads as data communications devices for road warriors, mobile operating systems will gain appeal among malware writers.
So should we call skulls malware or something else? Well, whats in a name? If traditional references dont quite fit the situation, maybe we should come up with a new one. My vote goes to "cell hell." How about yours? Write me with your nominations.
More commentary from Carol Ellison: