In the middle of 2004 we saw the first real cell phone virus, named Cabir. It was newsworthy because it was the first, and since then there have been more. I don't think of myself as an expert on them, but I don't feel very threatened by them.
In mid-March Cabir (pronounced “kay-burr”) made its first appearance in the United States and a whole new round of publicity was launched. Most of the antivirus companies calling me up to talk about it have had this attack squarely in perspective: it was foreseeable because it was possible, and it won't spread very far for a variety of reasons.
It only affects a tiny percentage of mobile phones out there and you have to agree to let it install on the phone. Finally, even if you install it the only real downside is crummy battery life, since it uses the Bluetooth connection excessively, looking for other devices to infect. (Well, there's also the embarrassment of potentially infecting your friends' and colleagues' phones.)
Other PR contacts have referred to “the wide spread distribution of the Cabir Bluetooth cell phone virus” in order to pitch for vendors who provide security software or consulting in this space.
This is simple scaremongering.
Cabir is interesting (more for its use of Bluetooth to seek out and spread to other devices than for the fact it runs on a cell phone), but it's not particularly threatening. If I had confidential information in my cell phone that, in the wrong hands, could cause me or my company serious trouble I would think about enhancing the security of it. Of course, for the same reasons I would be worried about forgetting my phone somewhere too, and perhaps that's the more serious threat.
It may have been because the source code for Cabir was released several months ago, but another one has turned up. Commwarrior (SymbOS/Commwarrior.a to McAfee) affects Nokia Series 60 phones, such as the 3650, 7650, and 6600. How do I know that? I read it on the virus's home page. It's also where I downloaded my own personal copy of the virus, not that I have a Nokia phone on which to run it.
If anyone felt threatened by Cabir, they should be positively terrified of Commwarrior.
I spoke with Victor Kouznetsov, Sr. VP Mobile Solutions for McAfee and he argues that Cabir was a proof-of-concept worm, not a real-world attempt to infect. Kouznetsov says that Commwarrior, on the other hand, is a real attempt to spread like real malware. It spreads both through Bluetooth and MMS (Multimedia Messaging Service). Like Cabir, it arrives as a program that the user has to launch.
More interestingly, it uses classic worm social engineering to try to trick the user into launching the attachment, including such enticing messages as “Free *SEX* software for you!” and “Security update #12. Significant security update. See www.symbian.com”.
Such messages have been used by Windows-based worms for years and I keep hearing that people fall for them, so I would assume that they might work on Nokia phone users. (According to F-Secure's analysis of the worm it also contains the string “OTMOP03KAM HET!” which is Russian and translates roughly to “No to braindeads”.)
This is a real worm (or arguably a virus or Trojan horse), not the experiment that Cabir was. And yet it appears that this program has been out in the wild since January, and it only showed up on the radar screens of the antivirus establishment this week, which makes you wonder: How virulent can it really be?
I think the characteristics we've observed so far in worms such as these are not so much indicative of the immaturity of the mobile phone virus establishment as of inherent limitations in the mobile phone infrastructure for malware.
It's hard to imagine an attack that will, for example, work on phones with different operating systems. As best as I can tell, there are a variety of platforms in place in this market and it's possible that SymbianOS, the target for Cabir and Commwarrior, is more amenable to such development than the others. All of them have been around for years, so I would have expected proofs of concept on all of them by now.
If only real computing platforms had this as the cutting edge of security threats! If I were buying one of these fancy-schmancy mobile phones I wouldn't hesitate to buy a Nokia just because there are stupid attempts out there like this. It's just like a PC, you just have to pay attention and any threat that comes along will be obvious.
Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.