Mobile phone malware: an enterprise problem?

By Bill Brenner, News Writer 14 Jan 2005 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

Reports of new worms and viruses that target cell phones have dominated headlines recently. What's out there today is of little danger to enterprise users, security experts say. But with new variants appearing and source code for the original Cabir worm floating in cyberspace for all to see, the situation could deteriorate quickly.

"For your mobile phone to get hit with something malicious today, you either have to be very unlucky or be downloading a lot of stuff on your cell phone," said Mikko Hypponen, director of AV research for Finish security firm F-Secure Corp. "Younger people face the biggest threat right now, but from an enterprise standpoint there's very little to worry about."

But Hypponen and his team have watched activity pick up in recent weeks. Last week saw the appearance of Lasco-A, which targets Symbian phones by combining two spreading tactics common in PC malware but previously unheard of in mobile systems. It searches all SIS installation files in the infected device and inserts itself as an embedded SIS file. Therefore, any SIS file in the device that gets copied to another phone -- as frequently happens as people swap software -- will also contain a copy of Lasco-A. Like the Cabir worms, it also uses Bluetooth to spread.

Add that to last month's developments: the appearance of a new Skulls Trojan horse that targets Symbian Series 60 phones and reports that the Russian-based 29A virus group had released the original source code for the Cabir-A worm.

These threats may not be a problem for enterprises today, but Hypponen said the spike in activity should serve as a warning to corporate IT administrators that something damaging could come their way with little notice.

"Enterprise users should be watching because the situation could change very rapidly, and I mean today," he said. "Anyone can go to the right Web site and pick at the code. With the code out there on the Internet for anyone to look at and play with, enterprises must be concerned."

He compares it to the growing bot problem. "One of the reasons bots are such a problem is [because] it's widely available source code," Hypponen said. "You could see the same thing with the mobile phone viruses. Someone could eventually come up with more effective mobile phone viruses as quickly as they come up with new bot variants."

His advice: "Make sure everyone in your enterprise knows the rules for company cell phones -- no downloading games, doing personal e-mails or visiting untrusted Web sites. Right now, it's more about education and thinking about precautions."

Chris Novak, senior security consultant for Belgium-based security firm Ubizen, said he has seen no evidence of these worms and viruses spreading among his clients. He believes the real threat will come in the next two or three years, when cell phones with easy Web and e-mail access will be cheaper, in wider use and connected to larger enterprise networks.

"Today there are different pieces of code out there like Cabir, but we really haven't seen anything major," he said. "It's really proof-of-concept code right now, nothing damaging at this point. With things like last year's adoption of the 802.11i protocol for wireless devices, we'll see a proliferation of wireless interest. But most enterprises haven't made firm plans to move forward with the technology yet."

Graham Cluley, senior technology consultant for Lynnfield, Mass.-based antivirus firm Sophos, agrees with Hypponen that the situation could deteriorate quickly given recent developments.

"Publishing virus source code on the Web is dangerous because it encourages others to create malware," he said in a recent statement. "Although viruses for mobile phones have, to date, been creating more hype than havoc, it's possible that more malicious people will now be investigating ways to infect cell phones. All users should be very careful about what applications they allow to install and run on their mobile device."

Tags: Hackers and Threats to your Mobile Enterprise,  Mobile Device Security,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Hackers and Threats to your Mobile Enterprise Mobile security threats Securing corporate data on your laptops iPhone hacking: Lessons from the front line Trends in mobile computing Traditional security threats coming soon to mobile device near you Prevent mobile malware: Learn how to protect your enterprise and devices On-device defenses for mobile malware Is malware coming to a smartphone near you? New challenges in mobile device discovery Mobile security – Understanding and controlling risks Mobile Device Security Fingerprint recognition and mobile security Traditional security threats coming soon to mobile device near you Securing your Windows Mobile devices Mobile security: Protecting your data, not just your devices Prevent mobile malware: Learn how to protect your enterprise and devices Podcast: The truth about network security and mobile device access Protecting data on your BlackBerry Going green: Recycling and energy saving tips for mobile devices -- podcast New challenges in mobile device discovery Quiz: Mobile Device Security -- Who else can hear me now? Mobile Device Security Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bluesnarfing  (SearchMobileComputing.com) drive-by spamming  (SearchMobileComputing.com) mobile phone virus  (SearchMobileComputing.com) SMiShing  (SearchMobileComputing.com) war driving  (SearchMobileComputing.com) warchalking  (SearchMobileComputing.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary