New Worm Attacks Mobile Phones with Symbian OS

Another mobile virus has been spotted by security researchers, again designed to attack Symbian-based smart phones, but this time able to spread by more than one method.

Like the vast majority of mobile viruses, the Lasco worm, as the threat has been dubbed, is aimed at the Symbian operating system. F-Secure, which is calling the worm Lasco.A, said it targets Nokia’s Series 60 phones. F-Secure also said the code originated in Brazil and is as yet only in proof of concept form.

However, the worm is also the first to target the Symbian Installation System, or SIS, files — earlier versions of the Cabir worm were aimed at various applications used on phones with the Symbian operating system. It is also the first that appears to have been developed to work within Windows environments as well. That wrinkle could possibly lead to infections spreading to laptops and even desktop PCs that use the Bluetooth technology, some virus researchers warned.

New Appraoch

F-Secure Director of Research Mikko Hypponen said the new code was noteworthy because it spreads two ways, through Bluetooth and by embedding itself into the SIS installation files, which are often shared among more than one phone when programs such as games are shared.

That approach is “common in PC malware but previously unheard of in mobile systems,” he added. He predicted it would only be a matter of time before the code is released into the wild, where it has the potential to spread rapidly.

Security firms recommend that Bluetooth users activate the “hidden” mode that will prevent other devices from detecting them without authorization.

Nuisance Value

To date, however, the problem with Lasco is mainly that it drains resources from infected smart phones because the worm constantly searches for other Bluetooth devices it can infect. Users will likely only discover the infections when they notice batteries being drained quickly.

The Symbian operating system is used by a range of handset makers, from Motorola and Sony Ericcson to Samsung and Panasonic, but most of the phones in operation that use Symbian are made by Nokia.

Nokia did not return calls seeking comment on whether their sales have been impacted by the barrage of malware aimed at its products. If there has been an impact, analysts say, it’s more likely to be a result of bad publicity than of users having first-hand experiences with the viruses.

In fact, even the firms that have issued warnings about Cabir and now Lasco say they’ve seen very few instances of actual infections. That’s explained in part by the difficulty in spreading the worms, which propagate from one device to another through the Bluetooth wireless protocol, which requires devices to be in close proximity to each other.

Window to the World

“There haven’t been enough infections or a broad enough impact yet to hurt phone sales or to scare consumers away from any particular brand,” Gartner analyst John Pescatore said.

Still, he said, if the trend continues with many more Symbian attacks, consumers might begin to seek alternatives, though he noted that use of the Windows platform has remained largely unhurt despite the fact that most desktop malware targets the Microsoft OS. “Before long, there will be code to attack other versions as well anyway,” he said.

So far, few of the several mobile-targeting viruses and worms have been considered dangerous by security experts. However, they have rapidly become more complex, with some code now containing both a virus and a worm and with Trojans, such as fake gaming programs, being used to spread them.

“Code writers are still figuring out the approach that will cause the most havoc,” Pescatore said.