New Worm Targets Mobile Devices

The mobile worm, deemed SymbOS/Yxes.Alworm, but also known as "Sexy View," targets mobile devices running SymbianOS S60 3rd Edition FP 1, affecting Nokia 3250 handsets and other mobile devices with Internet capabilities.

Once installed, the worm executes as "EConServer.exe" masked alongside the legitimate process "EComServer.exe" and runs every time the device is rebooted. In addition to comprising multiple variations, the worm is designed to destroy certain processes, such as the application manager.

The "Sexy View" mobile worm distinguishes itself by gathering phone numbers from the file system of the infected device and repeatedly attempting to send SMS messages containing a malicious URL to the numbers listed.

Derek Manky, cybersecurity and threat researcher at Fortinet's FortiGuard Global Security Team, said that the worm is following the same path as Internet Trojans and botnets, relying on social engineering to catch the users' attention with a link that appears to come from someone the user knows. "Odds are that a user will click the link and become infected," especially if they think they are opening a page that comes from a familiar source, Manky said.

id
unit-1659132512259
type
Sponsored post

Upon clicking the infected link, the user unknowingly downloads a copy of the malicious worm. The malware then self-propagates, while gathering information on its victims, such as the phone's serial and subscription numbers, which it sends to a remote server controlled by the attackers.

So far, the worm does not appear to take commands from the remote servers it contacts, Manky said. However, the copies of the variations hosted on the malicious servers are controlled by the attackers, giving them the ability to update them at their discretion, and "effectively mutating the worm, adding and removing functionality," which could be used to remotely control the malware, Manky said.

To protect mobile applications from the worm, security experts advise users to keep their antimalware/antispyware products current and caution against opening unsolicited or unknown links.

Meanwhile, security experts say that they expect to see a rise in worms and other malware attacking mobile platforms in months to come as the increased functionality of BlackBerry and other smartphones applications opens more security holes that can be exploited by hackers.

"We're really at the edge of a mobile botnet here," Manky said. "We haven't yet seen a mobile botnet, but this is a very large stop towards that. It's inevitable, just a matter of time."