Tuesday, May 31, 2005

Yet Another Wireless Telephone Virus

Yet another wireless telephone virus is on the loose. You may remember Cabir sightings in various countries. Well, now the Commwarrior virus is spreading to wireless phones worldwide via MMS and Bluetooth. Not only will it infect your phone, it will also run up your phone bill by sending numerous MMS messages in the middle of the night. Commwarrior could potentially be much bigger trouble than Cabir: via MMS it can easily jump from one country to another.

Commwarrior monitors the phone's clock and spreads over Bluetooth during the daytime (from 08:00 to midnight) and via MMS during the night (from midnight to 07:00). The worm sleeps at random times between sending the messages, further slowing down its spread.

And of course, sending MMS messages is expensive. Let’s do a little math here. How many phone numbers do you have in your phone? How much does sending one MMS cost you? Assuming, say, 500 numbers and 0.50€ per message, that would cost you 250€. Of course, that money wouldn't go back to the virus writer, but in any case we're talking about a nasty side effect here.

When Commwarrior arrives via MMS, the user sees a message that contains social engineering text and an attachment. Unlike in Bluetooth replication, where the system installer starts automatically after receiving the message (with the normal installation dialog, of course), the user has to save the SIS file attachment from the MMS before the installer starts.

Thus getting infected with Commwarrior over MMS takes even more steps than Cabir over Bluetooth, which is probably one of the reasons why we haven't seen distribution on a larger scale. But as we know, people are curious, and there are always some people who will install Commwarrior, especially since via MMS they seem to receive the file from someone they know.

Commwarrior-infected phones can be easily disinfected by surfing to mobile.f-secure.com and downloading F-Secure Mobile Anti-Virus, or manually with a third-party file manager. Telecom operators can also scan MMS traffic for viruses using a suitable tool, for example F-Secure Mobile Filter.
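An operator-side heuristic built on the behaviour described above, as an added example that is not from the original post and not how F-Secure Mobile Filter works: it flags subscribers who send SIS attachments by MMS to several distinct numbers between midnight and 07:00. The record layout, the phone numbers, the function names and the threshold are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, time

# Night window in which the post says Commwarrior spreads via MMS.
NIGHT_START, NIGHT_END = time(0, 0), time(7, 0)
# Assumed threshold: distinct night-time recipients of SIS files per sender.
MIN_RECIPIENTS = 3

# Constructed sample records: (timestamp, sender, recipient, attachment name).
SAMPLE_RECORDS = [
    ("2005-05-30T01:12:00", "+358400000001", "+358400000010", "update.sis"),
    ("2005-05-30T01:47:00", "+358400000001", "+358400000011", "update.sis"),
    ("2005-05-30T03:05:00", "+358400000001", "+358400000012", "game.SIS"),
    ("2005-05-30T03:40:00", "+358400000001", "+358400000012", "game.SIS"),
    ("2005-05-30T02:30:00", "+358400000002", "+358400000013", "photo.jpg"),
    ("2005-05-30T14:00:00", "+358400000003", "+358400000014", "app.sis"),
    ("2005-05-30T07:00:00", "+358400000003", "+358400000015", "app.sis"),
]


def in_night_window(ts: datetime) -> bool:
    """True for times from midnight up to, but not including, 07:00."""
    return NIGHT_START <= ts.time() < NIGHT_END


def is_sis(filename: str) -> bool:
    """Match Symbian installer packages by extension only (an assumption;
    a production filter would inspect the attachment content)."""
    return filename.lower().endswith(".sis")


def suspicious_senders(records, min_recipients=MIN_RECIPIENTS):
    """Return {sender: sorted recipients} for senders that sent SIS files
    to at least min_recipients distinct numbers inside the night window."""
    seen = defaultdict(set)
    for stamp, sender, recipient, attachment in records:
        if is_sis(attachment) and in_night_window(datetime.fromisoformat(stamp)):
            seen[sender].add(recipient)
    return {s: sorted(r) for s, r in seen.items() if len(r) >= min_recipients}


if __name__ == "__main__":
    for sender, recipients in suspicious_senders(SAMPLE_RECORDS).items():
        print(f"{sender}: SIS attachments to {len(recipients)} numbers at night")
```

Counting distinct recipients rather than messages keeps a repeated send to one contact from triggering the flag, and the daytime SIS message from the third sender is ignored because Bluetooth, not MMS, is the daytime channel.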

One worrying aspect is that people do not seem to know that they should contact Anti-Virus companies when phones get infected. In many cases where people get their phones infected, they ask for help from other users in the mobile newsgroups and discussion forums.

This is bad, since they might get bad advice, such as instructions to format their phones, when using an Anti-Virus or disinfection tool would be enough. It is also problematic for the Anti-Virus companies, since without user reports it is hard for them to keep track of developments in the mobile field. And it is impossible for them to provide guaranteed detection for new malware without getting a sample of it first.

So do pass the word around that if someone’s phone gets infected, he/she should contact an Anti-Virus company for help. Advice costs nothing and it helps them to keep up to date with what’s going on.


