Transmitter.C mobile malware spreading in the wild

Researchers from NetQin Tech. are reporting on a newly discovered mobile malware variant (Transmitter.C) distributed through a modified version of a legitimate mobile application. Upon execution, the malware attempts to spread automatically by sending hundreds of SMS messages that link to a web site hosting a copy of it (sexySpace.sisx).

NetQin's CEO, Dr. Lin Yu, provides more insight into the nature of the malware, its financial implications for the infected user, as well as thoughts on the future of mobile malware.

Go through the Q&A.

Dancho: What are some of the characteristics of Transmitter.C?

Dr. Lin Yu: As a foreign variant of the previous erotic short message virus (Transmitter.A), this virus camouflages in a normal third-party mobile phone software, "Advanced device locks", to inveigle the users to install it.

After installation, this virus will be automatically started up. In just a minute, it will automatically access the network for about 3 minutes. Later, this virus will send short messages externally at intervals of 10 - 15 seconds. As can be observed from the communication record, there is a large number of records of sending short messages, and all the numbers to which short messages are sent are strange numbers, but it is completely impossible to find the record of short messages that have been sent in the Sent Box.

After having sent about 500 strange short messages, this virus will traverse the cards folder to send out short messages. Furthermore, this virus can automatically identify mobile phone languages and send different short message contents including "Classic Gongfu stories, City passion, Wife change, School girl, Violent incest Please immediately access", "A very interesting girl. Try it now!" etc., and attach a URL after each short message.

This virus will run away with the user's tariff by sending out short messages at such high frequency. In addition, it is very likely that this virus forcibly subscribes some services for the users, thus consuming the user's tariff.

Furthermore, this virus has transmissibility. In the form of obscene short messages, it will inveigle the users to click the links in the contents of short messages. Upon clicking such links, a user will download the virus to his/her mobile phone, becoming the next virus-spreader. In addition, this virus can also be transmitted in the form of legitimate third-party software that is put on the Website and Forum for downloading mobile phone software.

Dancho: How is Transmitter.C different than any other Symbian malware?

Dr. Lin Yu: As compared with the Symbian malicious software formerly discovered, Transmitter.C has even stronger transmissibility and harmfulness: It not only has the corresponding server end for coordination, but can also be dynamically adapted to the current language of the mobile phone and thus send short messages to address lists and strange numbers in different languages. Furthermore, utilizing obscene short messages with links, it can inveigle the users to click it for installation. If this virus has been transmitted to mobile phones, it will bring tremendous economic loss and reputation crisis to the users.

Dancho: Since the application mentioned as the propagation vector for the malware -- Advanced Device Locks -- is a legitimate one, is this a case where a legitimate software has been brandjacked and modified in order to trick users into installing it?

Dr. Lin Yu: Yes. This virus can camouflage as legitimate software for transmission. Camouflage mode: The executable body of virus attaches at normal software to inveigle the users to install it.

Dancho: Are the malware authors attempting to somehow monetize the campaign and earn profit in the process, or is Transmitter.C basically a proof of concept that can only result in huge phone bills due to the short time interval between sending the SMS messages?

Dr. Lin Yu: This malicious software is designed to realize the object of making commercial profit. Transmitter.C has promoted some malicious links. Very likely, it forcibly subscribes some services for the users, thus consuming the tariff of users. These malicious links may induce a user to download the virus to his/her mobile phone, so that this user will become the next virus-spreader.

Dancho: How would you describe the current state of mobile malware? Is the inevitable growth of the micro-payment market prone to increase cybercriminal's interest in mobile malware, or would they go after the intellectual property data stored on the smart devices?

Dr. Lin Yu: These two aspects will become the major targets attacked by mobile phone malicious software.

In our opinion, with the intellectualization of mobile phones and the increase in network bandwidth, there will be more and more mobile phone malicious software and their routes of transmission. Furthermore, because many users have become accustomed to saving their privacy information such as bank account, address list and photograph, and their mobile phones have payment function, the mobile phone malicious software will generate much more hazards than computer malicious software.

According to the study on the viruses we have captured, most mobile phone malicious software is still mainly designed to consume the tariff of users by means of automatic networking and automatic transmission of malicious short messages for fee reduction. In addition, few malicious software have turned to steal the privacy information of users. In particular, the privacy information in the users' mobile phones (short message, address list and picture etc.) will become the main targets of attack by malicious software and will be likely transmitted in the modes of short messages and networking, resulting in the disclosure of user's privacy.
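
The traits described in the interview (sends every 10 to 15 seconds, recipients outside the address book, a URL in each message, no copy in the Sent Box) can be combined into one detection heuristic over a device's communication record. The Python below is an added example, not code from NetQin or from the original article; the record fields, thresholds, phone numbers and sample log are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

URL_RE = re.compile(r"https?://\S+|www\.\S+", re.I)

def find_sms_bursts(log, contacts, sent_box_ids, max_gap=15, min_run=5):
    """Find runs of outbound SMS that match the behaviour in the interview.

    log: list of dicts {id, ts (datetime), to, body} (hypothetical record format).
    max_gap: seconds allowed between consecutive suspicious sends.
    min_run: how many consecutive suspicious sends count as a burst.
    """
    def suspicious(m):
        return (m["to"] not in contacts            # recipient is a "strange number"
                and m["id"] not in sent_box_ids    # no trace left in the Sent Box
                and URL_RE.search(m["body"]))      # a URL is attached to the text

    runs, run = [], []
    for m in sorted(log, key=lambda m: m["ts"]):
        if not suspicious(m):
            continue                               # ordinary traffic is ignored
        if run and (m["ts"] - run[-1]["ts"]).total_seconds() > max_gap:
            if len(run) >= min_run:
                runs.append(run)
            run = []                               # gap too long: start a new run
        run.append(m)
    if len(run) >= min_run:
        runs.append(run)
    return [{"start": r[0]["ts"], "count": len(r),
             "recipients": len({m["to"] for m in r})} for r in runs]

def sample_log():
    """Constructed sample data: one burst, one normal SMS, one isolated send."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    log = [{"id": i, "ts": t0 + timedelta(seconds=12 * i),
            "to": f"+000000{i:04d}",
            "body": "Try it now! http://example.invalid/x"} for i in range(8)]
    # Normal message to a known contact, present in the Sent Box.
    log.append({"id": 100, "ts": t0 + timedelta(seconds=30),
                "to": "+15550100", "body": "Running late"})
    # A single unknown-number message two hours later: too short to be a burst.
    log.append({"id": 101, "ts": t0 + timedelta(hours=2),
                "to": "+0000009999", "body": "see http://example.invalid/y"})
    return log, {"+15550100"}, {100}

if __name__ == "__main__":
    for burst in find_sms_bursts(*sample_log()):
        print(burst)
```
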

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Talkback

14 comments
  • Well, I learned a new word today: inveigle

    nt
    Dietrich T. Schmitz
    • It's a great word...

      and too infrequently used.
      msalzberg
  • This could never do any harm

    The only way this could do any harm is if some phone OS was so badly written that it parsed SMS as root and there was a known vulnerability in the parsing routine that allowed for remote code execution through SMS. But no phone OS is that badly written, right?
    NonZealot
    • Do you even read an article before commenting?

      The article clearly states:
      "this virus camouflages in a normal third party mobile phone software 'Advanced device locks' to inveigle the users to install it"

      So, the weakness is not the OS, but the users who install stuff from unknown sources. It's called "social engineering"
      financegozu
    • This has nothing to do with the OS...

      This has nothing to do with the OS... this malware needs the user to install it to work. The stupid is not the OS but the user.

      Please read before posting, dude.

      Regards,

      MV
      MV_z
  • Are these virus inside of my phone even before the purchase?

    The attack is so great that I'm thinking the viruses are in the phone from the factory or a re-flash at the store. Some of these stories that you read about porn being discovered in the computer have me wondering if the porn comes with the phone flash.
    BALTHOR
    • unlikely

      When you buy a smartphone, it's at factory defaults so basically no user-installed apps on it, yet.
      Then you use it with your own SIM so, again, unless you somehow got some weird stuff on your SIM before you install it in your new phone then I don't think you're in danger ;)
      jedikitty@...
  • RE: Transmitter.C mobile malware spreading in the wild

    Maybe a stupid thing... but what if you were a mobile
    provider... would you be really, really sorry that this virus
    generates more revenue?
    It seems they're the only ones benefitting from it.
    phfdehaan
    • RE: RE: Transmitter.C mobile malware spreading in the wild

      I do not think so.

      Now most PC viruses have a commercial purpose.

      I think mobile too!

      They are just not too strong.
      mic_82
  • RE: Transmitter.C mobile malware spreading in the wild

    The sky is falling...o wait, that happened already, stars?
    theguru1995@...
  • Get...

    ...an iPhone, retards
    DDhx