- What does Cisco have against Quebec?
- Attrition.org nails another nitwit
- Diary of a deliberately spammed housewife
- Seven cloud-computing security risks
- 20 great Windows open source projects
News | Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
Security vendor Fortinet has uncovered a malicious SymbianOS Worm that is actively spreading on mobile phone networks.
Fortinet's threat response team warned on Monday that the worm, identified as SymbOS/Beselo.A!worm, is able to run on several Symbian S60 enabled devices. These include handsets such as Nokia 6600, 6630, 6680, 7610, N70 and N72 handsets.
The malware is disguised as a multimedia file (MMS) with an evocative name: either Beauty.jpg, Sex.mp3 or Love.rm. Fortinet warned this is deceiving users into unknowingly installing the malicious software onto their phones.
Unlike Microsoft Windows, SymbianOS types files based on their contents and not their extensions, so it is worth noting that recipients of infected MMS would still be presented with an installation dialogue upon "clicking" on the attachment. "Therefore, users could easily be deceived by the extension and unknowingly install the malicious piece of software," warned Fortinet.
After installation, the worm harvests all the phone numbers located in the phone's contact lists and targets them with a viral MMS carrying a SIS-packed (Symbian Installation Source) version of the worm. In addition to harvesting these numbers, the malware also sends itself to generated numbers as well.
Interestingly, all these numbers are located in China so far and belong to the same mobile phone operator. Some of these numbers have been verified to belong to actual customers, rather than being premium service numbers.
Guillaume Lovet, manager of Fortinet's Threat Response Team, EMEA, and the man who conducted the research and discovered this malicious activity, told Techworld that this is not just another 'theoretical' mobile worm that nobody will ever encounter.
"It is actual spreading in the wild," said Lovet, "although numbers are still pretty low." He confirmed that the worm only affects Symbian S60 enabled devices.
Lovet says Fortinet first became aware of the worm after one of his customers (a "large, large mobile operator") provided them with a sample. He says the worm seems to be spreading in the EMEA (Europe, Middle East, and Africa) region, and Fortinet is investigating the Chinese angle, and is in touch with law enforcement officials.
"We really want to know why this worm is doing that (contacting Chinese mobile numbers)," said Lovet. "Perhaps it wants to seed itself pretty aggressively," he speculated.
Rss FeedRss Feed
IBM spent all that money on a mass rollout of PGP Whole Disk Encryption, just when its discovered that...- Anonymous
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Comment