bit-tech.net

SymbianOS worm in the wild

SymbianOS worm in the wild

Screenshots provided by Fortinet show the warning that appears when you open an infected message.

Security firm Fortinet has issued a warning regarding a worm currently doing the rounds aimed, rather unusually, at SymbianOS mobile phones. Unlike previous worms aimed at the handset OS this is actually in the wild rather than the lab, although it's still highly unlikely you'll come across it by accident. So far the company has only identified Symbian S60 as being prone to the infection.

The malware has been labelled SymbOS/Beselo.A!worm and travels via multimedia messages sent from infected handsets to contacts harvested from the 'phone's memory. The file attached to the MMS is a Symbian Installation Source (SIS) installer package, but the worm uses a classic bait-n-switch technique, disguising it as a harmless media file like beauty.jpg or love.mp3.

Unfortunately SymbianOS checks the header of a file to determine the content and doesn't rely on the file extension, which means that the installers will run even though they do not end in the traditional .sis extension.

In addition to spamming the heck out of your contacts list, Fortinet is reporting that the worm sends messages to automatically generated numbers too, all of which belong to the same Chinese mobile operator. The company says the reason for this is “still under investigation,” but it would seem to point to the VXer being based in China and possibly having a grudge against the unnamed operator.

There's a pretty simple way to avoid infection, however. Despite Fortinet doing its best to hype up the infection in order to shift copies of its anti-virus solution for mobile phones, the company admits that when the message is opened “the phone issues a warning dialog saying "Application is untrusted and may have problems. Install only if you trust provider",” which makes it unlikely anyone who actually still pays attention to the dialogue boxes on their equipment will fall for the scam.

Still, this latest spread at least underlines the point that it's not just Windows users who need to take care out there.

Any SymbianOS users out there received any dodgy messages, or do you keep your phone in a lead-lined box just in case? Let us know over in the forums.

3 Comments

Discuss in the forums Reply
sbarts 23rd January 2008, 11:07 Quote
This seems to only effect S60 2nd edition phones. The newer 3rd edition phones such as the N95,N81,N73.... are not effected.
r4tch3t 23rd January 2008, 13:01 Quote
Hah, will never affect me, I have used low end phones since I started using Mobile phones. I see very little use for "smart phones" as I have a laptop and Desktop. My current phone and all previous phones have been years old, all I need are calls and text.
I guess it is inevitable that viruses will penetrate the mobile market as smart phones become more widely adopted.
leexgx 23rd January 2008, 14:50 Quote
alot of phones uses S60 does not matter if it was free or not, so not sure what your point is
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums