A new Internet worm targeting mobile devices is loose in the wild and spreading rapidly via SMS messages, researchers at Fortinet warned.
The mobile worm, deemed SymbOS/Yxes.Alworm, but also known as "Sexy View," targets mobile devices running SymbianOS S60 3rd Edition FP 1, affecting Nokia 3250 handsets and other mobile devices with Internet capabilities.
Once installed, the worm executes as "EConServer.exe" masked alongside the legitimate process "EComServer.exe" and runs every time the device is rebooted. In addition to comprising multiple variations, the worm is designed to destroy certain processes, such as the application manager.
The "Sexy View" mobile worm distinguishes itself by gathering phone numbers from the file system of the infected device and repeatedly attempting to send SMS messages containing a malicious URL to the numbers listed.
Derek Manky, cybersecurity and threat researcher at Fortinet's FortiGuard Global Security Team, said that the worm is following the same path as Internet Trojans and botnets, relying on social engineering to catch the users' attention with a link that appears to come from someone the user knows. "Odds are that a user will click the link and become infected," especially if they think they are opening a page that comes from a familiar source, Manky said.
Upon clicking the infected link, the user unknowingly downloads a copy of the malicious worm. The malware then self-propagates, while gathering information on its victims, such as the phone's serial and subscription numbers, which it sends to a remote server controlled by the attackers.
So far, the worm does not appear to take commands from the remote servers it contacts, Manky said. However, the copies of the variations hosted on the malicious servers are controlled by the attackers, giving them the ability to update them at their discretion, and "effectively mutating the worm, adding and removing functionality," which could be used to remotely control the malware, Manky said.
To protect mobile applications from the worm, security experts advise users to keep their antimalware/antispyware products current and caution against opening unsolicited or unknown links.
Meanwhile, security experts say that they expect to see a rise in worms and other malware attacking mobile platforms in months to come as the increased functionality of BlackBerry and other smartphones applications opens more security holes that can be exploited by hackers.
"We're really at the edge of a mobile botnet here," Manky said. "We haven't yet seen a mobile botnet, but this is a very large stop towards that. It's inevitable, just a matter of time."
|
Symantec's Code Red: The Law Enforcement/Anonymous E-Mail Exchange Law enforcement officials negotiated via e-mail for more than two weeks with an Anonymous group member trying to extort $50,000 from Symantec to keep stolen product code off the Internet. |
|
How To Sell IT Security Services To Your Customers Cyberattacks can cost a business thousands, even millions, of dollars, and can deal a death blow to some. Here's how IT solution providers can help guard against malicious attacks. |
|
Cybersecurity Experts: What They Know Could Scare You A recent report based on interviews with security experts in government, business and academia finds more than half in agreement that a worldwide arms race is taking place in cyberspace. |
 More
Slide Shows |
- Insider Threats: The Next Frontier for Security Resellers and SMBs
- Complete Security and Your Bottom Line: Sophos, Value and the Channel
- Tough Threats, Tougher Security: How You Can Leverage New Solutions To Combat A “Targeted Attack” Landscape
- Dark Clouds Ahead: Why the Mid-Market Needs To Ramp Up Cloud Security and How You Can Help Them Get There
