Mobile antivirus firm UMU claims to have demonstrated how easy it is to infect a mobile device with malware.
The company took a standard Nokia 6330 mobile phone to British high streets and shopping centres, and opened up the device to several mobile phone viruses simply by turning on its Bluetooth receiver or downloading files via MMS, SMS or email.
UMU identified five types of viruses and the average number of times these viruses infected the phone across a 28-day period:
Cabir (1) - spread via Bluetooth and MMS, it does not directly damage the phone but continually tries to detect other devices to infect, greatly reducing battery life.
CommWarrior (2) - spread as above, it resets the phone on 14th of every month deleting all personal data.
Skulls (1) - downloaded by user, it disables phone applications like phone book, SMS, media player and changes all phone icons to a skull and crossbones leaving it unusable.
CardTrap (2) - spread as above, it overwrites applications such as the phone book with corrupted copies. These applications will no longer work when you next reboot the phone, rendering the phone useless.
It also drops installers for Skulls, CommWarrior and Cabir onto the device and puts some Windows viruses onto the memory card so that plugging the memory card into a PC will result in the PC being infected as well
Doomed (1) - spread as above, it disables some applications and attempts to prevent the phone from restarting as well as installing Cabir, CommWarrior, Fontal, CardTrap, CardBlock and Skulls. It can also sometimes cause other Bluetooth devices in the vicinity of the infected device to restart
In some cases, the Nokia handset was infected by malware which, once downloaded, could allow the hacker to monitor calls, emails and texts, steal private data, send that data to others in the user's address book and even dial premium rate numbers at the user's expense.
Peter Harrison, chief technology officer at UMU, said: "The new breed of viruses is the most malicious we have ever seen. They are built by highly organised criminals, intent on causing widespread damage or extracting maximum commercial gain.
"What is really scary is that lots of people may already be infected and not know it. Our monitoring has shown a sustained spike in malware detections this year, and there are currently 300 viruses for smartphones.
"And with over 100 million smartphones now in existence it won't be long before they spread."
However, Graham Cluley, senior technology consultant at Sophos, described the problem as a "raindrop in a thunderstorm".
Although businesses should be considering how to control data on mobile devices, Cluley believes that the problem of sensitive data being leaked by leaving mobile devices unattended and unprotected is of much greater concern than mobile malware.
The security expert explained that the effort involved in creating and spreading these programs is not financially viable compared to targeting PC users.
Cluley suggested that users should use common sense when it comes to opening the device to outside communications and installing unknown applications in much the same way as they would with a PC.
Mobile phone viruses gathering pace
By Staff Writers on May 31, 2007 2:50PM