Trojan takes 'Office Space' approach to stealing from phones

Russian security vendor Kaspersky Lab this morning is sounding the alarm about an overseas mobile-phone scam that smacks of the movie "Office Space" and may portend future dangers for global users.

It may also add grist to an ongoing debate here, namely: What is the risk/reward ratio as mobile phones come to handle more and increasingly sophisticated financial transactions?

From the Kaspersky press release:

Last week, Kaspersky Lab experts detected a new malicious program for Symbian that targets customers of an Indonesian mobile phone operator. The Trojan is written in Python, a script language. It sends SMS messages to a short number with instructions to transfer part of the money in the user's account to another account, which belongs to the cybercriminals.

There are five known variants of Trojan-SMS.Python.Flocker, from .ab The amounts transferred range from $0.45 to $0.90. Thus, if the cybercriminals behind the Trojan manage to infect a large number of phones, the amount transferred to their mobile phone account as a result could be quite substantial.

The theory, as put forth in everybody's favorite movie about sticking it to your employer, is that a whole bunch of missing change is less likely to be noticed than the loss of larger sums. The malware writers in this case were also helped by the carrier's desire to provide a simple method of transferring funds to a customer base that depends upon that feature, according to this story in Softpedia.

Credit transferring allows one mobile subscriber to transfer funds to another number. The service is offered by many mobile phone operators around the world, but it is particularly popular in under-developed countries. "This is useful when you need to communicate with someone who does not have enough money in their account," the Kaspersky analysts explain.

Because it is a common practice, operators from such countries always aim at simplifying the process through which credit is transferred between their customers. Such is the case in Indonesia, where a mobile phone service provider only requires a simple SMS being sent to a 151 number, in order to move credit from one account to another.

Simple ... and apparently vulnerable.

Might the risk of such scams jump an ocean and land here in the states any time soon?

"It seems that the focus on financial fraud in the mobile malware industry will only get more pronounced over time," says Denis Maslennikov, a senior malware analyst at Kaspersky Lab. "Until recently, many people thought that malicious programs that send SMS messages without the user's knowledge were a purely Russian phenomenon. Now we can see that the problem no longer affects only Russian users - it's becoming an international issue."

Of course, it's always worth noting that security vendors such as Kaspersky make their livings off of such worries, and, in some cases, stoking such worries. ... But does anyone want to argue that he's wrong.

Welcome regulars and passersby. Here are a few more recent Buzzblog items. And, if you'd like to receive Buzzblog via e-mail newsletter, here's where to sign up.

2009's 25 Geekiest 25th Anniversaries.

Court rules Kentucky does not own the Internet.

Heartland data breach "larger than TJX?"

Twitter limits searches on its site ... What's up with that?

I need a "wallet phone" why?

YouTube takes a page from xkcd.

Airport "X-ray art" isn't likely to amuse TSA screeners.

Bank of America to support Firefox, finally.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2009 IDG Communications, Inc.

IT Salary Survey: The results are in