Mobile malware very active in first quarter of 2008: Kaspersky

Kaspersky’s senior virus analyst has warned of ‘unpleasant news’ from the world of mobile malware in its latest quarterly security trend report.

Alexander Gostev, senior virus analyst at Kaspersky Lab and author of Malware Evolution: January – March 2008, has revealed that in the first three months of 2008, innovation and quantity of new malicious programs targeting mobile phones have increased.

Most operating systems were targeted, namely Symbian, Windows Mobile, J2ME (Java platform) and the popular iPhone.

“The world of mobile virology was an eventful place in the first quarter of 2008. It was clear that technologies were continuing to evolve and more and more participants - both virus writers and antivirus companies – got involved,” he said.

The report listed affected operating systems and detailed the emerging methods of attack. Highlighted first was a new family of worms targeting the widely used Symbian operating system – the mobile phone operating system used by popular phone companies including Nokia.

Discovered in January by Finnish security vendor F-Secure, the Worm.SymbOS.Beselo.a was a concern for Gostev because it implied the existence of active virus writers and the presence of a mobile phone worm in the wild.

“New variants of Beselo could cause serious local epidemics – this after all is what happened in spring last year, when 115,000 smartphone users fell victim to a Spanish modification of the ComWar worm,” Gostev said.

No longer avoiding the attention of virus writers, the Windows Mobile operating system also came under attack in the year’s first quarter by a Trojan known as InfoJack.

According to Gostev, InfoJack is spreading in China, steals data, and is the first malicious code targeting Windows Mobile to be found in the wild and to have caused a significant number of infections.

“The code spread from a Chinese site which contained a range of types of legitimate software. The Trojan was added to mobile product distributives such as Google Maps and game clients."

“The foundation has been laid, the thousands of Chinese hackers currently creating viruses for personal computers may choose to build on it,” Gostev said.

Next on Gostev’s list are Trojans targeting J2ME, which according to him is an operating system that runs on almost any modern mobile, not just on smartphones.

“In January we detected Smarm.b, followed by Smarm.c and Swapi.a, and March brought SMSFree.d. All these Trojans were detected in Russia, and they all use the same method for making money out of users - sending SMS messages to premium numbers.”

“These malicious programs use the same propagation method as InfoJack,” Gostev said. "They spread via popular sites which offer software for mobile phones. The Trojans are either disguised as legitimate utilities or are integrated into such products.”

Meanwhile, Kaspersky's report also warned that hacking Apple’s iPhone to install applications will eventually wreak havoc in the mobile security world. Gostev said it's estimated that between 45 percent and 50 percent of all iPhones sold have been unlocked from their original telephony carrier.

“All of these devices are potentially vulnerable to infection by any malicious program for iPhone, as the user will be downloading files from many different unofficial sources to his/her device," Gostev said.

“This can't be controlled in any way; users of modified phones are not entitled to official technical support, and we'll be unable to provide them with any antivirus protection.”