Saturday, March 12, 2005

Mobile Phone Virus Spreading Via MMS

In the past, the few mobile phone viruses to have success have done so through propagation via Bluetooth technology.

Previously, malicious programs like the Cabir virus made use of a phone's Bluetooth technology. Once a phone was infected, the virus, via Bluetooth, would "search" for other mobile units where it could spread. However, this new mobile virus called Commwarrior uses both Bluetooth and multimedia messaging services (MMS) to spread itself to other phones.

Because of the method Commwarrior uses to infect others, many are considering it to be the first official mobile phone virus. The virus also runs on the mobile OS environment, Symbian Series 60.

According to F-Secure, which first reported the Commwarrior news, the mobile worm sends an MMS message to other unsuspecting users. The infected message contains the Russian text "OTMOP03KAM HET!", which, roughly translated, means "No to braindeads".

On F-Secure's weblog, the engineers offer further details by saying, "Phone viruses so far have been spreading over Bluetooth - so they only affected phones that were nearby. A MMS virus can potentially go global in minutes, just like email worms do."

Besides placing Commwarrior files, gathering contact information, and attempting to spread itself to other phones, the mobile virus inflicts minimal damage. The security industry's concern stems from Commwarrior's method of propagation. Because it can make use of both Bluetooth technology and MMS capabilities, spreading itself to other phones is not too difficult.

Once infected, Commwarrior places the following files within a mobile unit:


Symantec's bulletin for Commwarrior contains removal instructions in case you have a mobile phone that gets infected:

To remove SymbOS.Commwarrior.A:
Install a file manager program on the phone.
Enable the option to view the files in the system directory.
Search the drives, A through Y, for the \system\apps\commwarrior directory.
Delete the files commwarrior.exe and commrec.mdl.
Go to the \system\updates\commwarrior directory.
Delete the files commwarrior.exe, commrec.mdl, and commw.sis.

That'll take care of it!
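The manual search in the steps above can also be run as a check over a copy of the phone's file system on an analysis machine. This is an added example, not code from Symantec, F-Secure or the original post; the dump layout (one subdirectory per drive letter under `dump_root`), the function names and the sample tree are assumptions made for the example.

```python
import os
import string
import tempfile

# Directories and file names are the ones listed in the removal steps above.
ARTIFACTS = {
    r"\system\apps\commwarrior": ["commwarrior.exe", "commrec.mdl"],
    r"\system\updates\commwarrior": ["commwarrior.exe", "commrec.mdl", "commw.sis"],
}
DRIVES = string.ascii_uppercase[:25]  # drives A through Y

def _child(parent, name):
    """Find one path component ignoring case (a copied dump may keep mixed case)."""
    try:
        for entry in os.listdir(parent):
            if entry.lower() == name.lower():
                return os.path.join(parent, entry)
    except OSError:  # missing, unreadable, or not a directory
        pass
    return None

def find_commwarrior_artifacts(dump_root):
    """Return sorted 'X:\\dir\\file' strings for each listed file present in the dump."""
    hits = []
    for drive in DRIVES:
        # Assumed layout: dump_root/C, dump_root/E, ... one folder per drive.
        drive_dir = _child(dump_root, drive)
        for rel_dir, names in ARTIFACTS.items():
            node = drive_dir
            for part in rel_dir.strip("\\").split("\\"):
                node = _child(node, part) if node else None
            for name in names if node else []:
                path = _child(node, name)
                if path and os.path.isfile(path):
                    hits.append(f"{drive}:{rel_dir}\\{name}")
    return sorted(hits)

def build_sample_dump():
    """Constructed sample tree: artifacts on C:, an unrelated file on E:."""
    root = tempfile.mkdtemp()
    for rel in ("C/System/Apps/CommWarrior/commwarrior.exe",
                "C/System/Apps/CommWarrior/commrec.mdl",
                "C/System/Updates/commwarrior/COMMW.SIS",
                "E/System/Apps/Camera/camera.app"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()
    return root
```

Calling `find_commwarrior_artifacts(build_sample_dump())` lists the three constructed artifacts on C: and nothing for E:.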
