The first real mobile phone virus, which was found in the
wild and could replicate on its own, was discovered almost two years ago.
On June 15 2004, Finnish anti-virus firm F-Secure and Russian rival Kaspersky
released details about a piece of mobile phone malware that used Bluetooth to try and spread to other Symbian series60-based mobile phones.
Almost two years on, F-Secure's chief research officer Mikko Hyppönen reports
that although there are now over 200 mobile phone viruses--many of which are
variants of Cabir--the problem is unlikely to get as bad as it has with
"The difference is that PC viruses were first found in 1986 and mobile phone
viruses were found in 2004," said Hyppönen in an interview with ZDNet
Australia at the AusCERT conference in the Gold Coast last week. "So we are
living in the equivalent of 1988 but in 1988 Microsoft or hardware manufacturers
were not doing anything about viruses".
"In the mobile phone world, all the mobile phone manufacturers are working on
the problem as are the phone operating system manufacturers, like Symbian,
Microsoft and Palm. Operators are on top of this--there are several phones
from Nokia that come with antivirus software, which is made by F-Secure," he said.
At AusCERT, Hyppönen presented a talk about current and future mobile phone
threats. He explained that malware aimed at mobile phones is close to evolving
into something that could make cybercriminals lots of money.
"On any new platform the first malware is made by hobbyists as a proof of
concept--the professionals move in later on. This change hasn't really
happened yet on the mobile phone side," said Hyppönen.
One example of a Trojan designed to illegally
make money from Mobile phone users is called Redbrowser, which will run on
any Java-enabled phone and is 'advertised' as a special Web browser that, if
installed, will provide the user with WAP browsing.
In reality, Redbrowser is programmed to send vast quantities of text messages
to a Russian premium rate number, which could cost the victim hundreds or even
thousands of dollars.
"Redbrowser starts to send text messages from your phone to that number--as
many as it can, as fast as it can and each message costs you around US$5," said Hyppönen.
Another piece of mobile malware that could hit its victims in the pocket is
Commwarrior, which first appeared in March 2005 and used both Bluetooth and
Multimedia Messaging Service (MMS) to replicate.
MMS is commonly used for sending picture messages but it can also allow
mobile phone users to exchange ring tones, files and other applications.
"Say you have 200 numbers in your phone and you get hit with Commwarrior. It
will send an MMS message in your name to every single number in your phone. So
people get a message from you, they trust you and open up the message and get
infected," explained Hyppönen.
If Hyppönen got infected by Commwarrior, it would cost him a significant
amount, he said: "You pay for every message so if it cost 50 cents, [200
contacts means] it has cost you US$100. I have 1600 contacts so if I get infected
it will cost me US$800--that is already a lot of money".
Although Commwarrior infections are not
a serious problem at the moment, some mobile phone operators are already feeling
the pain, said Hyppönen.
"One operator found that 2.5 percent and another found 3.5 percent of all
their MMS traffic was not generated by people but by viruses. Another operator
we spoke with said that their user support gets around 200 calls a day about mobile phone viruses," Hyppönen said.
Spyware moves in
Over the past year, spyware has become one of the
biggest problems on PCs so it is not be a surprise that issue has migrated to
At the end of March, F-Secure discovered a "spying application" called
Flexispy that is designed to record text messages, log calls and even send back
recordings of calls to a third party.
Although the application, made by Bangkok-based Vervata, is technically legal
and has legitimate uses, F-Secure objected to the fact that once
installed there is no indication to the user that so much information is
being leaked to a third party.
"You can use it to monitor your 10 year old and it is legal--depending on
where you are--and justifiable. But then again if you install it on somebody's
phone without them knowing about it, it is illegal," said Hyppönen.
F-Secure classified Flexispy as a Trojan and included detection for it in its
mobile phone anti-virus software, said Hyppönen: "We made the call based on the
fact that it never shows you any messages or explains what it is".
Vervata responded by publishing a strong
objection on its Web site: "Like any other monitoring software there may be
a possibility for misuse, but there is nothing inherent in FlexiSPY that makes
it illegal or malicious, and Vervata would like to point out that F-Secure
comments categorizing FlexiSPY as a Trojan are completely incorrect".
Unfortunately for Vervata, other security software vendors--including
Symantec and Kaspersky--have sided with F-Secure.
Last year, analyst group Gartner predicted that a serious mobile phone virus
is unlikely until the end of 2007 because it will take that long until there are enough
mobile phones capable of carrying the infection.
Hyppönen also believes that the virus problem will get worse--before it
gets better. However, he is confident it will never be as bad it is currently with PCs.
"There have already been tens of thousands of mobile phones infected and
mobile viruses have spread
to 30 different countries. A virus has tried infecting my phone 4 times--
once in London and three times in Finland.
"If we play our cards right we will not have 165,000 mobile phone viruses in 2020," Hyppönen added.