Antivirus Companies Report First Mobile Messaging Worm
Users with Symbian Series 60 phones affected.
Paul Roberts, IDG News Service
The first mobile-phone virus that spreads using the popular Multimedia Messaging Service (MMS) is circulating among Symbian Series 60 mobile phones, antivirus companies have warned.
Antivirus vendors first spotted the new virus, dubbed CommWarrior.A, today. When an infected attachment is opened, the virus places copies of itself on vulnerable mobile phones and uses the phone's address book to send copies of itself to the owner's contacts using MMS. Antivirus experts believe CommWarrior, which has been spreading slowly among cell phone users since January, is not a serious threat. However, the virus could herald a new age of malicious and fast-spreading cell phone threats, according to Mikko Hyppönen of F-Secure Corporation.
MMS is a popular text messaging technology that is closely related to SMS (Short Messaging System), but allows mobile phone users to send multimedia content, such as sound files or photos, between MMS-compliant mobile phones. The technology is popular, especially outside the United States, where phone users have widely adopted newer-generation cell phones that support multimedia features and MMS messaging, Hyppönen says.
"My kids use it all the time to send messages, or photos," says Hyppönen, who lives in Helsinki, Finland.
Don't Open the Attachment
CommWarrior uses MMS to spread copies of itself to phone numbers stored in the address book of phones it infects. Victims receive MMS messages with file attachments that contain the CommWarrior virus. The messages carry enticing text such as "3DGame from me. it is FREE!" and "Nokia RingtoneManager for all models," F-Secure says.
When victims open the attached virus file, CommWarrior is installed on the phone and begins randomly sending MMS messages with copies of itself to numbers in the phone book. Complicating matters, CommWarrior can also spread between phones using Bluetooth wireless connections, says Victor Kouznetsov, senior vice president of mobile solutions for McAfee.
Those who do get infected with CommWarrior can easily shut the virus down by pressing and holding the menu button on their cell phone, then selecting CommWarrior from the list of applications that appears and pressing the "C," or "Clear," button, Kouznetsov says. Once the virus is disabled, mobile phone owners can use file management tools on the phone to locate and remove the virus files. F-Secure and McAfee both posted bulletins listing the folders where the CommWarrior virus is installed on infected phones.
Early Reports
F-Secure first identified CommWarrior on Monday. However, a search of the Internet revealed newsgroup messages from Nokia customers who complained about CommWarrior infections as early as January.
"I need help. I have a very strange problem with my nokia 6600. It tries send MMS automatically to my contacts (Randomly) that I have in my phone book," reads one message, posted January 23, that goes on to verify a commwarrior.exe infection.
A copy of the virus posted on a Web page is dated January 1, and claims to work on the common Nokia Series 60 phones. That could include more than 10 million phones worldwide, but it's doubtful that CommWarrior, as currently written, could infect anywhere near that number, says Kouznetsov.
"It still relies on social engineering and user interaction to spread," he says. Even when users do click to open the CommWarrior attachment, a series of warning messages appears before the virus is actually installed, he says.
F-Secure is testing the sample of CommWarrior. However, the virus is difficult to test. Its ability to spread via wireless and MMS messages makes containment hard, Hyppönen says.
Mobile phone viruses are a recent development, but could be a major threat in years to come, as mobile devices become more powerful, according to Hyppönen and others.
Cabir, the first known mobile virus, spreads among phones that run the Symbian operating system and are equipped with Bluetooth wireless connections, including Series 60 phones from a number of manufacturers, such as Siemens AG, Nokia, and others. The virus first appeared last June as a "proof of concept" released by virus-writing group 29a.
