MoMusings

Wednesday 12th January, 2005


Mobile Malware: Reloaded

Filed under: All, Malware

Back in 2000 we saw the first PDA infectors and Trojans targeting the Palm OS; since then it has been rather quiet until last year (2004).

Last year [2004] was a landmark year for malware that attacks or infects PDAs and smartphones, and a number of these are known to be in the wild.

In June 2004 we had Carib, aka Cabir, which used Bluetooth to spread and infect phones that use Symbian OS (Series 60). As of today there are 13 known variants of this Bluetooth worm.

In July 2004 we had Duts which infects Windows/CE aka PocketPC and is a parasitic file infector (virus).

In August 2004 we saw Brador which is a backdoor for Windows CE and PocketPC.

In November 2004 we saw Skulls, which is a Trojan for Symbian-based phones (Series 60); there are currently 4 known variants.

During December 2004 source code for one of the Carib variants was found circulating on the underground [No, not London Underground or any other metro either ;-) ] and since then a number of new variants have been released. Also, the original author of Carib released his/her source code in January 2005.

On the 10th of January this year a new piece of Symbian malware was found which spreads in two distinct ways. This has not been seen in mobile/PDA malware before now.

The new malware, known as Lasco.A, spreads by searching for all SIS installation files on the infected device and then inserting itself into them as an embedded SIS file. This means that any SIS file on the infected device that is shared with another phone will also contain a copy of Lasco.A. Additionally, Lasco.A will spread by sending itself directly, like Cabir.

AV researchers carried out some tests with known Java infectors on mobiles that have Java capabilities, and they found that all the currently known Java malware will work on mobiles without any modification.

A number of AV products now exist for PDAs, Smartphones and Symbian based mobiles:

So what does this mean for most mobile phone users?

Well, unless you have a mobile based on Symbian, Palm or Windows CE (aka PocketPC), or one that has Java functionality, mobile malware will be unlikely to bother you.

However, if you have one of the listed operating systems on your phone/PDA, then expect malware to come calling some time soon.

I suspect that, as we have already seen a backdoor for these devices, it is only a matter of time before we see the first mobile/PDA botnet*.

[*Yes, I know there are technical hurdles still to be overcome before this becomes a reality.]


Please note that this blog has now moved to my own hosted domain here: http://momusings.com/momusings/.
A full RSS/ATOM feed can be found there.

All the data up to the end of December 2006 will be left here; however, all postings from the 1st of January 2007 onwards will only be available at this blog's new home.
ALL future postings will only be available at the new site.
