Symbian S60 phones targeted by botnet-building viruses

Virus-infected mobile games are being used to target Symbian S60 3rd and 5th edition phones, according to a report by mobile security firm NetQin.

The report, published on Monday, identified three viruses — ShadowSrv, FC.Downsis and BIT.NmapPlug — that were nested secretly within mobile games. When these games are downloaded and installed, they give the virus creator control over the handset, according to NetQin.

In order to reach the widest possible audience, infected handsets allow the virus access to the phone book, the company said. The malware then sends out text messages containing links to malicious websites that entice users to click by claiming the links are for popular apps such as 'Free World Cup VOD'. All traces of the sent messages are then deleted.

"Though the purpose of the virus author is unknown, the propagation model of the three viruses indicates that botnets on mobile devices are now emerging and pose a growing threat," according to the NetQin report.

As well as propagating itself, the virus also nabs the phone's IMEI, IMSI and SMS centre number, plus the installation list, posing a potential breach to the victim's personal privacy.

Craig Heath, chief security technologist at the Symbian Foundation, said that NetQin has not been in touch directly to inform it of the botnet. The foundation's usual process when faced with reported malware is to revoke the Symbian Signed certification — the process Symbian uses to verify apps — for the software, he added.

"As far as we can tell, the certificates used in this case were revoked some months ago. Users who are concerned about malware should turn on revocation checking on their phones," Heath told ZDNet UK.

Nokia, Samsung and Sony Ericsson have released handsets running on these versions of theSymbian OS, suggesting that a particularly virulent malware could infect millions of devices.

"The botnets seem to be targeting Symbian S60 3rd and 5th generation operating systems, and our Mobile Security Center estimates 100,000 mobile phones were impacted by them," Dawn Sukyi wrote in a post on Tuesday to NetQin's blog.

However, Heath stressed that in comparison to desktop PCs, the threat to Symbian mobiles is "very minor".

The Symbian OS has previously been the target of other mobile viruses, such as the botnet-building Trojan 'Sexy Space', which surfaced in July 2009. In that instance, the Symbian Foundation acknowledged that it had mistakenly digitally signed the Symbos_yxes.B virus, which had disguised itself as a legitimate app known as ACSServer.exe. Users downloaded that virus for several weeks.

While nothing new, reports of mobile-targeted malware are on the increase, according to Lin Yu, chief executive of NetQin.

"The explosion of mobile applications has made smartphones an enticing target for virus authors. Many security threats that were once only spread on PCs, such as botnets, are now moving to mobile devices to maximise the financial interest," Yu said in a statement.

In March, researchers Derek Brown and Daniel Tijerina of the Digital Vaccine Group demonstrated their ability to build a 8,000-strong botnet comprised of jailbroken iPhones and Android-based phones, though they said they never intended to release the malicious code.

Norton, F-Secure and Trend Micro are among the many traditional providers of desktop-based antivirus that have responded to this increase by releasing mobile versions of their products.