The spread of malicious software such as viruses and Trojans to cell phones, long feared, has become a reality. A recent Trojan used Russian Web sites to spam mobile phones via short message service (SMS).
The spamming was not widespread, but it did highlight the increased likelihood that cell phones may suffer the same sort of attacks that frustrate PC users, including spam, viruses and scams, experts said.
Security vendor Sophos 
said in an advisory the Troj/Delf-HA Trojan horse
downloads instructions on spamming cell phones and then delivers the junk
solicitations via SMS , which can cost users money at the very least.
"Cell phone spam can not only be a nuisance, but it can also cost the phone owner money," said a statement from Sophos senior technology consultant Graham Cluley. "Now SMS spammers are taking a leaf out of the book of e-mail spammers and using unprotected, innocent PCs to pass their unwanted messages."
Talk Turns to Trojan
Security experts have warned for a few years now that some of the malicious code that has plagued PC users may be aimed at cell phones as they become more widespread and more capable.
Ken Dunham, iDefense director of malicious code intelligence, told
TechNewsWorld that the capabilities and target audience for a mobile 
phone attack
are limited because of the technology involved -- less sophisticated than a
desktop operating system and more varied in platform. However, Dunham said
the increased sophistication of cell phones and personal digital assistants
(PDAs) -- which can now connect to the Internet for e-mail, messaging and
games -- and their wider use is making the devices more of a target.
As cell phones, notebook computers and other mobile devices are integrated for messaging and other services along with PCs, Dunham said, there is increased opportunity for attack.
Say Hello to Spam
Sophos said the recent Trojan sending junk SMS messages was using the mobile phone messaging capabilities of several Web sites of Russian mobile phone network providers.
Sophos advised companies to protect their e-mail gateways with a consolidated solution of antivirus and firewall to thwart the threats.
Cluley also said similar efforts in the past had involved SMS spam campaigns that encouraged recipients to call a number and sign up for costly services, such as a chat line.
Dunham said he envisions an increasing amount of spam and other malicious efforts, such as phishing enticements for personal information, to move to the mobile phone platform.
He said that although the threat has been very slow to mature, Trojans, viruses, phishing and other frauds are also more likely for mobile phones as attackers attempt to gain status among spammers and virus writers.
"I think we're going to see more of this in 2004 and 2005, just because [it] is an opportunity and people interested in reputation want to just see if they can do it," Dunham said.
Java Jeopardy?
This summer, mobile phone operators in Europe were warned that within a year the heavy reliance on Java-powered cell phones and handhelds would make the devices a likely target for attackers.
The concern was that the number of Java-powered devices was reaching a point that attackers would look to exploit the programming language to attack mobile users.
However, defensive measures, such as the Messaging Anti-Abuse Working
Group (MAAWG), have been established to try and thwart such attacks through
technology and education.
Talkback: 
