New Skulls Trojan Targets Cell Phones
Malware arrives disguised as a version of the Macromedia Flash player.John Blau, IDG News Service
An updated variant of the Skulls Trojan horse comes disguised as a new version of the Macromedia Flash player to fool users of mobile phones running the Symbian operating system.
Skulls.D disables applications needed to remove it, drops the Cabir.M worm onto phones, and informs users that they have been infected by displaying a full-screen flashing skull, says Mikko Hypponen, director of antivirus research at F-Secure in Helsinki, Finland.
Once users download and install the program, it will overwrite applications designed to either fight or remove it. Infected users are also unable to browse their file system or install new programs, forcing them to reset their phone to its default factory conditions.
F-Secure issued an alert on its Web site this week after receiving reports of infected phones from two users, Hypponen says.
Most Likely Victims
People most likely to be hit by Trojan horse programs such as Skulls are typically users who like to download new software either from Symbian freeware Web sites or peer-to-peer networks, according to Hypponen. "Users who are really at risk are those looking for pirated software," he says.
The Cabir.M worm overwrites all short-range Bluetooth radio applications so that infected handsets, once booted, constantly scan for other Bluetooth-enabled devices and send a corrupt file.
Users are asked if they want to install the file. If they accept, the Bluetooth applications on their phones are immediately overwritten, and their handsets then attempt to pass on the file to other Bluetooth devices in the vicinity.
"Most people find out that they've been affected by the Cabir worm when the battery life of the phones falls dramatically, to about a half day instead of the average three days," Hypponen says.
Going Mobile
Asked if the various Trojan horses, worms, and viruses that began to affect smart phones earlier last year were all created and contained in the labs of antivirus companies such as F-Secure, Hypponen says "absolutely not."
In an interview late last month with the Associated Press news agency, Graham Cluley, a senior technology consultant with London-based Sophos, was quoted as saying that his company had seen no reports of mobile phone users experiencing malware in their daily use, and that the only reports it had seen documented were of "antivirus researchers sending them to each other in their labs."
"Most of the cases we have come across are from real users in the field," says Hypponen, whose company, F-Secure, develops and markets antivirus software. "We have meanwhile collected reports from users in nine countries."
Hypponen says that although malicious programs aimed at new smart phones are not yet a huge problem, "they are a problem, and they're going to get a whole lot worse."