Mobile Virus ACE-? – Is The Hoax That The Hoax Is The Hoax?

Mobile Virus ACE-? – Is The Hoax That The Hoax Is The Hoax?

By: Eric Everson, Founder of MyMobiSafe.com

In the mobile security industry we all go into overdrive when we hear about a new threat because we want to ensure that we’ve coded against it. There is an old e-mail (circa 1999) that has reared its head again that says something to the effect of:

“If you receive a phone call and your mobiles phone displays ACE-? on the screen DON'T ANSWER THIS CALL - END THE CALL IMMEDIATELY. IF YOU ANSWER THE CALL, YOUR PHONE WILL BE INFECTED BY THIS VIRUS. This virus will erase all IMEI and IMSI information from both your phone and your SIM card, which will make your phone unable to connect with the telephone network. You will have to buy a new phone. This information has been confirmed by both Motorola and Nokia. There are over 3 million mobile phones being infected by this virus in USA now.”

Symantec supposedly researched/archived this as a hoax email back in 1999, but here we are in 2007 and the same message is floating around in full force again. What gives might one ask? It seems that there may be some shred of truth to this old “hoax”. At MyMobiSafe.com, we’ve identified and coded against a “jacking script” that is titled “ACE.” A jacking script is written to be sent via text messaging (SMS) to a mobile handset where it will attempt to retrieved specific data metrics (like a contact list) and send them back to a central server. Jacking scripts also referred to as “content jacking” are usually only used to phish for data such as contacts and key strokes though they are usually only built for a specific campaign and discarded.

So about that old e-mail, the truth about it is that there may be a low level external threat out there with the letters “ACE” in the file name. The false information (at least as of today 6/8/07) is that it has not spread to 3 million people and the virus would also arrive to look like a text message not a call. It looks like someone may have built the existing threat to piggyback off of the “hoax” label that was assigned in 1999.

Again as of 6/8/07, our records indicate that the newest version of “ACE” is no longer an active threat as the original backfeed IP is null. Mobile threats usually seem to come in waves, so there is a possibility that we may see a few new threats that piggyback off of old “hoax” files in the future. Feel free to check us out at MyMobiSafe.com if you are interested in protecting your mobile against these concerns in the future. Keep reading my blog to learn more about mobile security.

By: Eric Everson – Founder, MyMobiSafe.com ericeverson@hotmail.com or Eric.Everson@MyMobiSafe.com