Expect a 'serious' mobile phone virus in 2008

Security experts have said that enterprises will not have to worry about a large scale virus outbreak affecting their 'smart' mobile phones and PDAs for another 18 months. However, after that, even anti-virus software is unlikely to help.

Earlier this month, Gartner analysts John Pescatore and John Girard published a research paper looking at how enterprises should prepare for the growing threat from mobile phone-based malware. According to the paper, a fast-spreading virus or worm is unlikely until the end of 2007.

"Despite this intense vendor and media-driven speculation -- and several well-publicised hoaxes -- the necessary conditions required for viruses or worms to pose a real rapidly spreading threat to more than 30 percent of enterprise mobile devices will not converge until year-end 2007," said Pescatore and Girard.

According to Gartner, there are two main factors that will create an environment that would encourage a virus to propagate. Firstly, smartphones capable of being infected by malware will make up around one third of the market. Secondly, users of those phones will regularly exchange executable files.

"Viruses and worms cannot infect large numbers of wireless devices until at least 30 percent of users commonly receive e-mails with attachments... By year-end 2007, large-scale user-to-user sending of more-complex executables will be commonplace. Once smartphones account for 30 percent of all wireless telephones in use -- likely no sooner than the end of 2007 -- rapidly spreading attacks will be much more likely," said Pescatore and Girard.

Warren Chaisatien, research manager for Wireless & Mobility at IDC Australia, agrees that there is unlikely to be a major outbreak till the start of 2008.

"Today the penetration of mobile devices with an operating system [capable of being infected by a virus] is still relatively small. It is not an immediate concern for CIOs and CTOs. The major concern for virus infection continues to be the PC," said Chaisatien.

However, the analysts have warned that once smartphones do reach a critical mass, administrators will have to look further than client-based antivirus software, which the Gartner analysts have slammed as 'ineffective'.

"Smartphone or PDA antivirus approaches that rely on device software will always fail to block the most-damaging viruses... Desktop antivirus software became largely ineffective -- other than as a removal tool after infection occurred -- as soon as e-mail surpassed floppies as the dominant transmission mechanism," said Pescatore and Girard.

James Turner, security analyst at Frost & Sullivan Australia, agreed that client-based reactive antivirus protection is unlikely to provide adequate protection.

"Signature driven antivirus tools are great for hindsight, but we are at a turning point where signatures are not enough... Currently the attackers are testing their tools against the most popular antivirus products, which means the threat they release has effectively been certified against what we are running," said Turner, who believes protection should be provided on the network layer: "We need to place more emphasis on tools that detect anomalies in network traffic and behaviour."

This is a sentiment echoed by all the analysts.

Gartner's Pescatore and Girard said: "The mobile world should not repeat the mistakes of the PC world. Malware protection services should be built into the network first, and device-side protection should be the last resort."

IDC's Chaisatien said that a network able to recognise and eliminate threats would be ideal, but he thought the concept was still 'futuristic'.

"A more futuristic approach is where the intelligence lies in the network -- that would be ideal -- but I don't know how long it will take us to get there. Prevention at the network level will always be better and smarter than using solutions at the device level but I think it is easier said than done," said Chaisatien.

Mikko Hyppönen, director of antivirus research at Finnish firm F-Secure -- which has developed an antivirus tool for mobile phones -- said that although he does not expect to see a Slammer or Sasser-type virus attacking mobile phones for "a year or two", the attacks have already started.

"Commwarrior is spreading quite effectively via MMS already. In fact, I just got a call this morning from the editor of a large Scandinavian IT publication; he got infected on his own phone last Thursday -- at a press conference for a mobile phone company," said Hyppönen.