Recent headlines such as "Cabir worm wriggles into U.S. mobile phones" conjure up the image of old tabloid headlines touting killer bees heading to the U.S. from South America. The latest buzz is that your cell phone could be infected with a nasty virus and you might not even know it.
Granted, your chances of infection are probably less than getting stung by killer bees, but mobile threats are only in their infancy and will continue to grow in sophistication, making the problem something IT staff should get on their radar early.
There are several mobile phone viruses in the wild at the moment, including Skulls, Cabir and Fontal. And, like many PC-based viruses, each has its own set of variants aimed at keeping users and security vendors on their toes.
Skulls spreads by hiding in what looks like a harmless application for your mobile phone, be it a "theme" manager application or simple game. It replaces system icons with a picture of a skull and crossbones and makes it difficult to access phone functions. Cabir variants - there are roughly 20 - use Bluetooth wireless technology to spread between phones in close proximity. And Commwarrior uses the Multimedia Message Service (MMS) to send infected files that look to be important security updates between devices. Commwarrior also will reset the device on the 14th day of the month, thus deleting all settings and data, if the virus is not removed in time.
Fortunately, the number of reported infections of each variant of Cabir, Commwarrior and Skulls falls in the 0-to-49 range, according to Symantec's virus threat database. Removal of the viruses is relatively easy, usually involving the deletion of infected files. In rare, more severe cases, the device might need to be reset to the original factory settings.
The current slate of viruses all target the Nokia Series 60 smartphones running the Symbian operating system. A smartphone combines phone and PDA functions into one device. The good news is that 96% of the phones sold last year are not smartphones, use an operating system other than Symbian and are, therefore, completely immune to existing mobile threats.
Symbian holds the biggest share of the smartphone operating system market, with 13.65 million units shipped in 2004. Other operating systems such as palmOne and Windows Mobile accounted for another 6.6 million units, according to In-Stat/MDR. By comparison, the total number of worldwide mobile phones sold in 2004 was 678.9 million, says Neil Strother, a senior analyst at In-Stat.
Of the major wireless providers in the U.S., only T-Mobile and Cingular offer Symbian-based phones. Verizon Wireless and Sprint don't carry any Symbian devices.
Even if one does have a Nokia Series 60 device, it takes some effort to catch the virus. Unlike many of today's network-based worms that can spread between PCs and servers without any end user interaction, mobile viruses are far less sophisticated. With Cabir, users must have Bluetooth turned on and visible to nearby phones that are similarly equipped. An infected phone will constantly search for other Bluetooth devices to which it can pass its payload. The target device will get a message asking the user to accept and install a SIS file (a Symbian file format) being transmitted via Bluetooth wireless. Users would have to accept both the transfer and the installation of the application to get infected.
[Figure: How a cell phone virus spreads]
Commwarrior works in a similar fashion, except it uses an MMS message that claims to be delivering an important Symbian security or application update, says Travis Witteveen, vice president of American operations at anti-virus vendor F-Secure. Targeted users still have to accept the download and install the file to be infected. Commwarrior does add a bit of nastiness in that it embeds itself into application files on the device, making it more difficult to disinfect.
"Consumers have to go through hoops to get the virus," says Laurie Armstrong, a spokeswoman for Nokia, which has a large financial stake in Symbian. "These are not crazy, freely spreading viruses."
There's no inherent flaw - such as a buffer overflow or missing security feature - that virus code writers are exploiting in the Symbian operating system or Nokia's implementation of it. "The threats are targeting high-end phones that have fully functional operating systems and have the ability to download and install arbitrary applications," says Oliver Friedrichs, senior manager at Symantec Security Response.
Symbian offers a signed application service that digitally certifies the author of an application and that the application has not been changed since certification. When non-signed applications are installed, users get an additional "do you really want to do this?" warning.
"A Symbian-signed application [or any signed application in general] is a measure of certain standard of application," says Simon Garph, vice president of marketing at Symbian. "You know where it comes from and that it's been through a certain series of tests."
The mobile-oriented viruses are not designed to do much more than spread, although they might mess up a device enough that it has to be reset to the original factory settings or drain the battery because an infected unit constantly searches the airwaves for a new target.
"Right now they're more proof-of-concepts," Friedrichs says. "People are writing them to show that something can be done or that the phone platforms can be impacted by threats, just like the PC is."