Slashdot Mirror
First Destructive Mobile Phone Virus In The Wild
gbjbaanb writes "eek! the BBC is reporting the first mobile phone virus that causes damage is out and about. The virus only works with the Symbian Series 60's OS (no, not the Smartphone) and spreads through an adapted copy of the legitimate Mosquitos game.
Once installed, a hidden program sends SMS texts to premium rate numbers.
That's not so bad, no doubt the premium rate numbers will be switched off soon but the worst is yet to come - "typically we see them in the wild then copycat ones come along soon after," said Sal Viveros, director of wireless security at McAfee."
"typically we see them in the wild then copycat ones come along soon after," said Sal Viveros, director of wireless security at McAfee."
he means after they are done writing and releasing the viruses, of course.
According to The Register, the malware was built into Mosquitos to begin with as a copy protection mechanism. I don't know whether to believe it or not -- if it's true, it's a really clever way of recouping development costs, and puts a new twist on "software that calls home".
Of course, worm writers will still catch on quickly anyway, I'll bet.
Get the full shimmy here.
First, its not a virus since it cant spread on its own. Its a trojan if its anything. Second, since this only effects people who steal software, why should i care?
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
The Register already dug into the details. The premium-rate calls were not added by a virus or by warez monkeys, but were in the original game as a way to monitor who copied it.
Maybe it's the leading edge of a whole, new category of consumer devices! The single purpose device that only does one thing, but does it well!
Best Slashdot Co
Not only is bandwidth irrelevant here, this issue has nothing to do with OS/software. The malware is written in mobile java, and uses the standard, OS-independent, interface to the phone hardware itself to send the SMS messages.
This is not a virus. It doesn't spread itself. It's simply a trojan that you have to manually download and install by bypassing two security warnings after first having found it on an irreputable site or P2P network. Hardly a threat.
:)
I'm also not sure it deserves to to be called destructive either. It doesn't destruct anything or in any way modify any other services on your phone - it simply sends SMS messages. It would be better classed as "expensive"
1. It was not a virus. A pirated version of a game included malware that SMS'd a phone number without the users permission.
2. The malware was not added by the people who pirated the game. Interestingly, it was an intended feature of the game, included by the company.
3. The original intent of the malware was to secretly "phone home" when a pirated version of the game was being played. Because of complaints, they removed this "feature" from later versions. The pirated version was old, and still includes the "feature".
What I find interesting is that they included such a "feature" to begin with.
Mosquitos smartphone 'Trojan' there by design By John Leyden Published Wednesday 11th August 2004 13:31GMT The Mosquitos Symbian dialler Trojan is not really a Trojan horse after all.
Many news outlets, including ourselves, reported that a trojanised version of Mosquitos game for Symbian Series 60 smartphones was circulating online and across P2P networks. Cracked versions of the game secretly sends SMS messages to premium rate numbers, according to reports on various online forums.
Illegal copies of the game display the following message on start-up: This version has been cracked by SODDOM BIN LOADER No rights reserved. Pirate copies are illegal and offenders will have lotz of phun!!!
Yesterday Symbian put out a statement which contributed to the impression that malign code was inserted into 'cracked' versions of the game by members of the computer underground. However it turns out that the hidden SMS functionality, along with a message written in the best vernacular VXer speak, was put in the game from the beginning by the original games publisher Ojom.
In an advisory, AV firm F-Secure explains: This functionality was intended to be a copy-protecting technique - it didn't work as planned and the whole functionality backfired.
The premium rate contracts for the phone numbers have been terminated, so although old versions of the game still send hidden SMS messages, it only costs the nominal fee of sending the message itself. Current versions of this game no longer have this hidden functionality, but 'cracked' versions of Mosquitos still float in P2P network - and they still send these messages, it adds.
So what appeared to be a Trojan is actually a rather sneaky and somewhat ineffective copy-protection technique. Proof that even if something looks like a duck, talks like a duck and walks like a duck it isn't necessarily Anas platyrhynchos.
Although the Mosquitos saga turns out to be an urban myth, the recent discovery of the first malware capable of infecting smartphones shatters the comforting belief the mobile phones are safe from viral infection. The threat is very low at present but shouldn't be completely discounted. ®
Do not meddle in the affairs of geeks for they are subtle and quick to anger
As much of a technophile as I am, I'm starting to see a disturbing trend in technology...nifty new technology that's supposed to make your life more convenient (TiVO, VoIP, multi-function cell phones) almost always end up having problems, and end up creating a lot of stress and headache (although whether this negates the device's 'usefulness' is debatable, obviously). We've had telephones for quite a while now, same thing with cars, TV, etc, but all of a sudden there are troubleshooting prodecures for everything.
I don't want to live in a world where I have to download patches and updates for my phone, TV, cell phone, alarmclock, bathroom scale, toaster, fridge, etc, every other week, or worry about them charging me money or disclosing private information. Some things work just great already and don't need all sorts of crazy upgrading, networking, or convergence. If you had a portable game thingy (not connected to any network) to play 'Mosquitoes', you wouldn't have to worry about this!
With the first link, the chain is forged.
Does allowing an application to send a text message strike people as being a pretty bad design decision?
Phone applications/games should not be able to access any function that might cost the user money. Or if they do, then the OS itself should intercept and ask the user if they wish to allow the application to send the SMS / phone call / data call. "PsychoSolitaire wishes to send a message to +XX.YYYYYYYYY. This will cost £x. Yes/No/Never"
That is just sensible and obvious design.
Slashdot:
"First Destructive Mobile Phone Virus In The Wild"
"...a hidden program sends SMS texts to premium rate numbers."
Article:
"...text messages will still be sent, although not at premium rates."
"Mosquito's Trojan does not do any other damage..."
Does anyone verify that the slashdot article actually represents the real article?
Once they make a phone that fixes problems like these and works with the service in a way that I can make and receive good quality calls, THEN I'll be interested in what they have to say about other uses of mobile phones.
The submitter DID NOT read the article AT ALL, and apparenty neither did the editors.
First of all, it specifically says that the phone DOES NOT text premium numbers. The problem is NOT a virus; it's not even really a trojan. It's a feature that "calls home" in case it's an unlicensed copy. Not only that, the feature was removed in later versions; the cracked version was older. They got what they deserved.
Karma: Segmentation fault (tried to dereference a null post)
Well, either the original article was changed or the article poster didn't really read the article to being with. :( In either case, that's kinda sad.
Though I'd thought that the crackers would have spotted their cracked software doing something unintended...
Interesteding historical tidbit... the Pakistani Brain virus was written with a similar anti-piracy intent in mind. Though that was a virus and spread destructively. This is just a trojan which is annoying.
If a writer really wanted to be destructive, they would have overwritten the Symbian OS boot code and firmware loading codes and executed a phone reboot. (nevermind the sim card and access to other data cards inserted into the phone)
Kinda makes me reconsider getting a more powerful phone... :(
Winged Power Photography