Fortunately, the new phone virus that was detected last week by security firms, dubbed "CommWarrior," runs only on phones using the Symbian OS series 60 platform. No reports yet of the mobile malware creeping into other devices or platforms.
There is no reason though to sit back and relax. Just last month, Cabir, the worlds first mobile phone virus traveling via Bluetooth, caught mobile phone users in all corners of the globe by surprise, although it was first detected eight months earlier in June 2004.
In the age of information, it pays more than ever to be informed.
Though relatively harmless compared to computer viruses that are sweeping across the networked world, mobile phone viruses may be the next big headache in the tech community. According to estimates, there are currently 1.5 billion mobile phone users in the world and growing bigger by the day. This so-called "virgin territory" is proving too irresistible for virus authors that newer strains of viruses have been detected lately.
In a statement from Helsinki, Finland on March 8, security firm F-secure said indications of a new mobile virus spreading through MMS were hinted in a Serbian discussion group in January, which warned of a worm to be sent via MMS messages from infected Symbian OS phones.
As detected in its true form a week ago, CommWarrior, like Cabir, arrives on your cellphone as a commw.sis file. Once downloaded, it installs itself in the phone and quickly searches for other Bluetooth-enabled phones within range to infect. But it doesnt stop there. It automatically sends MMS messages to the infected phones contact list and on the first hour of the 13th or 14th day of the month, it automatically resets the device.
This makes it more disruptive than Cabir since while Bluetooth exchange is cost-free, MMS is not. If your phone is hijacked by this worm, which is also called CommWarrior.A by Symantec, SymbOS/CommWarrior.a by McAfee, and SYMBOS_COMWAR.A by Trend Micro, you have to worry not only of fast battery drain but also of increased and unwanted billing (if you are on a postpaid plan) and rapid load drain (if you are using prepaid SIM). Worry, too, that the worm chooses up to 256 contact numbers from the devices phonebook, according to Symantec.
CommWarrior-infected MMS messages usually carry very attractive headings such as "Norton AntiVirus Released now for mobile, install it!, "3DGame 3DGame from me. It is FREE!, "Free SEX! Free *SEX* software for you! or "WWW Cracker Helps to *CRACK* WWW sites like hotmail.com."
Heed the advice of security experts: never accept messages from unknown sources no matter how tempting, always keep your Bluetooth off and your phones visibility hidden when not in use, and avoid pairing your handset with another device.
In the tech underworld, as in life, the road to hell is paved with good intention, as the saying goes. The first two known mobile malware were not really created to wreak havoc on handsets but to "prove" that malicious codes for handsets can be written. A group of programmers, who called themselves 29a, reportedly developed the EPOC.Cabir virus for Symbian smartphones and WinCE.Dust for Pocket PC in June and July 2004, respectively.
These two, however, have opened the floodgates to other phone viruses.
A month after the launch of Wince.Dust, which rode on the Windows CE platform and came as an e-mail attachment, another worm was activated via pirated copies of Ojom Softwares game Mosquito. It turned out that the games developer itself created the virus to protect its creation from piracy. Lesson for the day: thou shall not download illegal copies of the game software on your handheld. It may be bundled with a virus.
Another virus that masquerades itself as a game was called METAL Gear.a. New Zealand security specialist SimWorks said a file named SEXXXY.sis is sent to any Bluetooth-enabled phone and once a user accepts it, it automatically disables the Symbian system in the handset. Users would very likely download the message as it masquerades itself as the Symbian version of Metal Gear Solid game.
Last November, some Symbian smartphone users reported to have found skull images on their phones, instead of icons in the phones applications. This was the skulls.a virus disabling the phones functions. Imagine yourself staring at your phones LCD screen and finding lots of images of human skulls and bones in place of your customized icons or wallpapers.
Fortunately though, mobile malware has not yet assaulted enterprises. But as PDA phones and other handhelds are now increasingly being issued by companies to their employees, it pays to adopt security policies that will protect the system from surprise attacks.