New Trojan Attacking Mobile Phones

The number of malicious code attacks aimed at mobile phones continues to expand, with the latest threat coming from a variant of the Skulls Trojan.

Security firm F-Secure said the variant, which it has dubbed Skulls.D, targets smart phones using the Symbian operating system and disguises itself as a freeware application, this time as an updated version of the Macromedia Flash player.

Like earlier versions, it relies on the Bluetooth protocol to spread to other nearby devices, meaning it can only be propagated to phones in close proximity to infected devices.

Using the Cabir worm, it disables any system application or third-party application that could be used to disinfect the device. The new version then triggers flashing animation showing the skull logo to indicate the phone has been infected.

The Cabir worm was written to target the Symbian operating system, and to date, all the Skulls Trojans have been add-ons and variants to that one worm. Thus, only phones using the Symbian operating system have been infected.

The number of infections to date appears to be small, F-Secure said, and because it is disguised as freeware, it is mainly a threat to those seeking to load their smart phones with the latest applications and who are willing to scour the Web for pirated versions.

F-Secure also said the latest variant is not a surprise, since it noticed the source code for the earlier Skulls and Cabir attacks being published on the Internet last week. At the time, the firm said it would likely be only a matter of days before new threats appeared.

More To Come

That can only be bad news for an industry hoping to get users comfortable enough with their mobile devices to begin using them for a host of new premium paid services, from music downloads and gaming to mobile-commerce.

Some virus researchers say it could be seen as positive news that code writers continue to focus on the core Cabir worm, as it is a possible sign that few other unique viruses are available.

However, F-Secure director of research Mikko Hypponen said it’s likely only a matter of time before fresh attacks start to arrive on the scene.

“There’s a lot of source code for mobile malware floating around in the underground right now,” Hypponen said. “Even more new variants are likely to pop up in the near future.”

Inevitable Trend

So far, virtually all of the attacks on mobile operating systems have been limited in nature. To date, mainly high-end phones from Nokia using the Symbian operating system have been impacted.

In fact, some controversy has erupted within the industry, with some security firms saying that such malware appears very infrequently in the wild, leading some to speculate that antivirus firms eager to capitalize on the mobile trend might be behind some of the code.

Gartner analyst John Pescatore said while there are natural impediments to having smart-phone viruses spread as fast as those aimed at desktop and mobile computers — including a wider variety of operating systems and a lack of continuous connectivity — it’s already clear that they are fast becoming a favorite target.

More Potent Viruses

“We will undoubtedly see more code that targets these devices,” Pescatore said. The bad news is that with existing code being spread rapidly through the hacker underground, more potent viruses will quickly be developed.

The good news, however, is that there is more warning that variants and blended threats are coming, he added. “We saw how these things developed on the desktop and the Internet, so the industry has something to go on.”