Slashdot Mirror
'Metal Gear' Symbian OS Trojan Disables Anti-Virus
Omniscientist writes "Just when you thought your Series 60 smartphones were safe, a trojan has surfaced with a two-pronged attack that also in turn disables any anti-virus protection available. Infosyncworld has news about a trojan masquerading itself as a port for the Metal Gear game that disables all anti-virus software on the phone and other necessary utilities like file managers. Also, it affects other phones nearby it via Bluetooth. This trojan has been dubbed 'Metal Gear.a,' quite aptly."
So now I need tin foil for my cell phone, too.
Well, I don't really have a cell phone, but if I did..I'd need tin foil for it.
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
That's awesome, but I wish these guys would put their brainpower and idle time towards something more productive, like OSS software development.
Nokia 5190 pwnz joo.
But really, why would anyone be an all-terrain magnetic rail-gun ballistic missile nuclear launch system for their cell phone anyway?
I just want an unstoppable cell-phone virus that permanently disables ringing... then I could cope with the things being about.
..when the purple-stuffed webworm in the flap jaw space with the tuning fork does a RAW BLINK on hairi kairi ROCK!!!
I NEED SCISSORS!
61!!!
HAHAAHAHAHAHAHAHAHAHA
... so how do they justify the hike? Oh they add in Java, cameras, ring tones, etc... You want a toy? Buy a gameboy. A phone should be phone.
This is what you get for making a phone "more than a phone".
Well that and price gouging. For example, a "quad-band GSM" phone often cells for $300 more than the average dual-band. However, going quad-band is mostly a small change in terms of the radio/hardware as it's just off by 50Mhz [e.g. the SWR won't be that high].
Hahahahahahaha
Tom
Someday, I'll have a real sig.
there are some other worms too... i guess one of them puts the picture of skulls in place of all your icons. can any slashdotter put up a link to all the known mobile worms and viruses, plz...
I use a v66 dumbphone. It makes phone calls It stores phone numbers. It does voice dialing But I haven't figured that part out yet.
Serves people right, quite honestly why idiots still continue to buy products containing embedded MS Windows cr4p is beyond me.
So don't panic too much about the Bluetooth infection method. When something truly independent like Code Red can spread via Bluetooth, that's when people will start leaving their mobiles at home. Hang on, there's an idea...maybe I can sell it to rail passengers and restaurant customers and make $$$$?
When I am king, you will be first against the wall.
And thus, a strong push for the argument that a phone should be just a phone.
I'll bring my gameboy along, I'm sure Metal Gear works better on a platform that games.
Just another "DOJ fascist authoritarian totalitarian bootlicker" -- Zeio
But this isn't one of them.
People laughed at me when Bluetooth was first announced. I said I didn't want my cell phone or PDA being frisked by other units as I walked around.
I still refuse to carry any Bluetooth equipment. Who's laughing now?
And, more importantly, how long until a crooked cop uses such a vulnerability to plant evidence on your PDA?
Fox-DIE will kick in, and you'll have to get a new cell phone...
There's going to be a day when all cell phones are running servers over wireless for p2p communications. When that day comes, walking past the wrong person will hose your phone.
Burn Hollywood Burn
Gah! The thought boggles the mind.
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
It would've been better if if made other people's phones display "!" and make a *RrrRRREEK!* sound when you walked near them.
"Oh look a Metal Gear Port.. horray downloading..."
"Dude you're cell.. it's dying I think..."
"Snake? SNAKE?! SSSSSNNNNAAAAAKKKKEEEEEE!!!!!!"
Just a boy doing unproffesional IT work that's way above his head.
Does anyone ever think of hitting the off button on there bluetooth?
God I hope I don't have to worry about viruses on my Sybian OS cell phone. Who knows how many people it might infect?
I want to delete my account but Slashdot doesn't allow it.
I fell asleep last night with the comfort of knowing that all Series 60 phone users were safe. In fact, I said a little prayer giving thanks for that. Tonight, I doubt I sleep at all, what with all the worrying I will do for those poor, poor series 60 phone owners.
they should have "Kept It Simple Stupid" make cellphones just be a cellphone, i dont need video games, i dont need music, i dont need a digital camera built in, i just want to make a friggin phone call...
/rant
but NNOOOOO, they gotta cram in all sorts of kludge making it more complicated, and vulnerable to attacks by malware...
So is this the next gear'? I was a little dissapointed with the lack of one in MGS3, perhaps this is Metal Gear Trojan!
Bipedal worm that can launch ddos attacks from anywhere in the world. Mwah.
So what we're saying is that if people download warez it might contain viruses. If people receieve a bluetooth message (think email) and run the attachment without thinking where it came from then they might get infected by a virus.
This is news ?
You can install a program on your computer that does bad things. Also on your Symbian mobile phone if you really really want to and decide to discard multiple warning messages.
Any real fan of the series would be expecting a set-up, anyway.
What if someone were to find an exploit in a few cell phone OSes? Then find an exploit in the routing software/hardware of cell towers?
Infect their own phone, that infects every cell tower it cells to, and that tower infects every cell phone it can see, etc.
I'd make the payload somthing to either disable the ringer, or play some annoying loud-ass tone for hours.
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
"People laughed at me when Bluetooth was first announced"
I choose to steer clear of it due to its really idiotic name, anyway. It does not sound like high tech. It sounds like something you find in someone's mouth in the front row of a Willie Nelson concert.
I think I have this one on my web-enabled phone I'm using to get to Slashdot now. I see something odd happening to the icons in the cor $%$YT$%45#@544D3$ [end of line]
Don't blame Durga. I voted for Centauri.
"The worm cloaks itself in a cardboard box labelled 'dock A'"
"This looks like a pretty solid virus"
"Man this worm is huge! Its big enough to be a snake!"
"The virus next target is the new PSP handheld console, shooting high speed UMD's at your enemies rail gun style"
I guess I should expect to see people staring at their phones going "Snake? SSSSNNNNAAAAAAKKKKEEEEEE!!!!"
I'll turn into a supernova and burn up everything. Well I'll turn into a black little hole and you'll turn into string.
go ngage! go ngage!
The war with islam is a war on the beast
The war on terror is a war for peace
Actually, I'm laughing pretty hard at the thought people don't know you can disable bluetooth on phones.
I only turn mine on when I'm synching with something or using it as a data connection with my laptop.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I'm getting around these problems, as I have done all I can to make my mobile phone very secure. You can see a photo of the modifications so far.
Don't blame Durga. I voted for Centauri.
You technodweebs that just have to have George Jetson crap get what you ask for.
I carry a TELEPHONE, that's all it does. I don't need to carry a frigging computer around on my belt, or play games, that's stupid. You have to have all this techno crap with you every waking second and now you have created your own personal hell.
My typical phone conversation.
(ring ring): Hello?
caller: My computer is messed up, help me.
me: What's your address?
caller: 1234 blah blah street.
me: I'll be right there. Bye.
typical total call time, under 60 seconds.
The number of times I've ever wanted to play a game, snap a photo, surf the web, send a TM using my cell phone? ZERO..
The number of times my cell phone ever failed me?
ZERO...
The kid across the street from me showed me his cell phone, the games it can play, pictures of his GF's tits, surfing the web in a 25x10 browser. Whoopty-doo....
For those with broadband.
That's awesome, but I wish these guys would put their brainpower and idle time towards something more productive, like OSS software development.
The problem is that much of what needs to be done is boring and/or unchallenging. Some folks program because they like to solve problems, the "journey", not because they have a strong commitment to a project, the "destination". In the OSS world there are lots of people who would like to work on the interesting things and if they cannot they are more likely to not contribute than go work on the boring parts. Commercial software has an advantage here, do the drudgery, collect a paycheck. The solution: more donations, less "free beer", that fund programmers to work on the boring stuff.
Well, kinda off topic... An InfoSec Christmas Carol - Tw4z t3h N1t3 B3f0r3 Xm4z #end shameless self-plugging #note: at least I'm honest
Makes me think that a Metal Gear Solid game would be a good idea for a phone, and the best part is that your service provider could bill you for each codec call you initiae to Meryl. And Revolver Ocelot could torture you by making you type an inane text message as quickly as possible using all capital letters and the words LOL and L8R.
And of course let's not forget being able to sit on a bus and make every other passenger listen to Liquid scream "SNAAAAAKE! PREPARE TO DIE, MY BROTHEEEERRR!!!!"
Yup...
Shuddering in anticipation of the "Naked Raiden" virus...
Metal Gear: Worm Eater
God spoke to me.
Was the last thing my phone said before being infected ;)
Join the Slashcott! Feb 10 thru Feb 17!
If so, we can expect something like this in the next game.
...
MGS4: Viral Snake
[CALL]
Mei Ling: Snake be careful when logging onto the various computers in the compound. They could be... boobytrapped.
Snake: Boobytrapped? How?
Otacon: Snake, haven't you ever heard of computer viruses?
Snake: Well yea.
Otacon: Those terminals will attempt to upload a trojan virus to any foreign piece of equipment that logs onto it. It makes them almost as dangerous as the guards around there.
Snake: But it's not like I'm a walking cellphone or something.
Colonel: Snake, this is serious!
Mei Ling: Actually, with the reprogrammable nanites in your body, you basically are.
Snake:
Otacon: Yea Snake. Try not to get hax0red out there.
Snake: Hax..huh?
Otacon: *sigh*
[END TRANSMISSION]
Nonsense, very poor analogy. The basic phone is a ubiquitous device that everyone knows how to use, that should not need an instruction manual. The cellphone should be the highly portable incarnation. "Grownup" models, forsakes the "kiddie" crap and make it smaller or enlarges the battery, are needed too.
I'm dreading the day when my four year old Motorola StarTAC dies.
Can you hear me now?
You don't have to use the adjective 'crooked' in front of cop anymore. The word cop says that itself these days. If you need to denote a cop who is not crooked, you HAVE to say 'Honest' cop however. Otherwise it is assumed that they are crooked.
That's why if I were to actually go about writing a virus, it would not actually disable any existing antivirus software at all, but would make suitable patches to the most common ones so that my virus would simply not be detected by it, thereby convincing most people into naively believing that their antivirus software is running as expected during what is actually the virus's dormancy period.
Why nobody else has tried this is beyond me.
Does the fact that I would even think of something like this make me a bad person?
File under 'M' for 'Manic ranting'
Just wait until people are bugging all your conversations by using your own cell phone right there in your pocket. Companies will need to ban cell phones from conference rooms because people can't trust them.
You think Windows is riddled with problems? Just wait until you see what script kiddie Bluetooth "hackers" do to people who don't even know their phones HAVE Bluetooth, let alone what to do with it.
[insert sig file here]
So who has more free time on their hands - the people who play online games on their phones or the people who write viruses for people who play online games on their phones.
I swear it's slackers like you that will lead to more ridiculous regulations.
I have to disagree. My cell phone is more than my phone. It is a device that I carry with me for many purposes. Sure I get calls on it, but that isn't the most important thing I use it for.
My main use for it turns out to be a clock that isn't uncomfortable to wear (I hate things on my wrist).
It also has some simple games good for keeping me entertained while waiting for the waiter to bring my order. (this is slashdot, of course I don't know any girls to eat with)
It is a handy kitchen timer that I can hear even when I'm at the other end of the house. The phone is on me, not the stove.
There is a useful calender that reminds me when important events come up. (A pain to enter them)
There is a calculator for times when I need to deal with more digits than I can remember at one time. I wish it has hex and graphics functions, but it works.
There is a camera attachment. Sure the pictures are poor, but it works, and I'm more likely to have this with me than a fancy camera.
All this, rolled into one tiny 1.5x4x.75 (inch) device.
What is this "cell phone" thingy?
Help! My phone slash mp3 player slash radio slash camera slash calculator slash agenda slash gaming device slash clock got a virus!
Actually I was in an channel some weeks ago and this dude was really upset on Noka for
1. Trying to sqeese the developers to pay for some "extended" "PRO" program,which you'd have to join (pay money) to get some API's (crypto etc),Documents and support.
2. Not releasing CodeWarrior mobile for free (They bought it), instead they are trying to squeese the developers for their last dime.
3.Not releasing the emulators for Linux (You have the J2ME ones...), even though they have been kind enough to provide you with an old gcc (crosscompile) on their site.
Well he went on (I prob missed a few things here) and said that someone ought to make some bad malware to "Phuck em up". I am seriously!! That was what he said (hackerish eh?...).
Was it this dude or was it someone else doin it for some other reason??
Just when you thought your Series 60 smartphones were safe, a trojan has surfaced ... that disables all anti-virus software...
If the things need anti-virus software, they were never safe to begin with.
Edith Keeler Must Die
Gee, phones with after-the-fact anti-virus software. Java. Custom games. Trojans posing as games. All because Symbian's the most popular OS for phones.
:-)
I don't suppose there's a Limited User mode for a phone, is there?
Use Evolution instead of Outlook? Bewa
For a bunch of self defined "nerds" people here sure have a problem with high tech phones. I guess they have never wanted to look something up on google in the car, or connect their laptop to the internet wirelessly, check their email, or take a picture of something funny or important.
My nokia 6600 is awesome, gets great battery life, and reminds me when i am supposed to be places. Bluetooth lets me transfer information from my laptop to it, such as contact and calendar events.
It has revolutionized the way I use my cell phone,
If all you want to do is talk on the phone, thats fine, but as a bunch of nerds you must see how the smart cell phone is the future. Oh yeah, it never drops calls either.
What, if anything, does this story have to do with adding/decreasing the credence of the "security through obscurity" myth/theory?
Is there something really valuable to be gained by hacking Symbian phones? Some financial motive that gets people motivated to hack. Or is it just an insecure OS easily hacked?
Where's my mobile firewall? 3G TCP/IP, BlueTooth, IR, serial... my "MiniMe" is wide open to any attacker who comes around.
--
make install -not war
Shucks---
Metal Gear Solid Worm? Like as opposed to a solid snake.
And is there a Liquid Worm out there, lurking?
(and no I am not a fanboy; those games *SUCK* big balls: I always though the solid and liquid snake names were some obscure Japanese fecal-matter reference).
In the free world the media isn't government run; the government is media run.
It is obvious that this is part of a conspiracy by the Patriots to cause an "apparent malfunction" within GW.
FISSION MAILED.
why would someone think that this virus poses a problem?
I work for a big, international mobile communications provider and most of my colleagues have those phones because Sytmbian 60 has a better usability than any other mobile phone OS in a modern gadgety phone. Not a single one of them ever leaves bluetooth enabled all the time because it sucks your battery dry in no time (with a 7650/3650 it reduces standby from 3-4 days with a used battery to about 1 1/2 days). Even if they did, the default is to ask the user before any communication with another device is allowed.
I see the problem with viruses on devices like that of course but unless you use really untrustworthy sources for your software there shouldn't be any problem.
I'd be more worried about wireless lan and the likes...
Waht the hell is a LEO? The generally accepted defination of LEO is Low Earth Orbit. What the heck are you noting?
"BitPim is a program that allows you to view and manipulate data on LG VX4400/VX6000 and many Sanyo Sprint cell phones. This includes the PhoneBook, Calendar, WallPapers, RingTones (functionality varies by phone) and the Filesystem for most Qualcomm CDMA chipset based phones."
http://bitpim.sourceforge.net/
I've been using this with my LG vx6000 phone so I can use it as calendar and update from my work or home computer. Works for me...
Hmm.. Apparently nobody here has seen the movie Cellular ..
It's true. Viruses can bloom on the battlefield, Snake.
"We need to get over this notion, that, for Apple to win... Microsoft must lose." - Steve Jobs, 1997
Just call the Colonel or Mai Lin on your codec and they'll walk you through the process.
Why couldn't they have taken the cool path and named it "FOXDIE"?
ADVENTURERS! - ANTIHERO FOR HIRE - CARDMASTER CONFLICT
Well this is the result of the _other_ choice.
Bascially you can have a very closed system like Verizon does with Brew, where you only allow applications that are certified, and go through a major publisher. Or you can have an open system where apps can come from anywhere and do anything.
OK, OK, I guess J2ME could be made to be in between with certain functions not available to the app -- but who wants to make an app that is restricted? (Not to get into another debate but as a developer I need to problem solve and the higher level languages ofter remove that ability).
Personaly, I vote for the open system. The closed system is just AOL'ing new phone users who don't know they should not be being charged 99 cents to put their own wallpaper on their phone. The closed system is also open to many internal conflicts of interest where crappy apps are put up just because they can be sold to an unsuspecting public when a brand is slapped on.
While slightly ugly, the Nokia 6600 can be purchased for $0 through tomorrow and has Bluetooth (not crippled V710 bluetooth) and a camera, video, etc, etc. Its programmable using Symbian, an open standard. You can buy a book, write a program, and put it on there...
Hello everybody!
I'm currently begining to study the security of symbian, but I can't get the source or binaries of any of those virus ("Skulls" and so on)and trojans.
Does anybody know how can I get them?
Thanks in advance
I'm not directing this at you, I'm directing this at the "community" at large. Your post just reminded me of this other problem.
**We** should be contributing to various organizations. As I said in the other post, less "free beer", consider it tipping the waitress/bartender. I guess this is the other OSS shortcoming, too many people expect others (government, companies) to pay. Few people donate their own time or money (buy CDs from org rather than download ISO, etc.) but they have lots of suggestions on how others should spend money or time.
I agree that some more personal donations would help. But I'm just pointing out that many companies and governments, which aren't in the business of selling software, would probably save money in the long run by financing OSS projects which they need instead of continually paying some overpriced vendor. The example of the German government commissioning Kolab I think is a good one; it probably cost them far less to pay some contractors to build this for them than it would have to pay per-seat Exchange2000 licensing to Microsoft every year (plus, that money stays in the country, which is always good). If lots of companies, and even better, governments, did this, OSS would really explode, even without individuals contributing any money. A lot of high-profit software companies would be in trouble with their shareholders, but that's their problem.
The problem is that governments are not really interested is saving money or OSS. In reality it is "local" politics. The German decision may be viewed as a jobs program, or possibly seeding a domestic software industry.
It is not government's role to take down high profit companies, and it is not only the company shareholders that would be in trouble, it is the employees who would be in trouble. The executives and such have their golden parachutes, the little guys get screwed. Things are far more complicatd than you suggest.
Up Up Down Down Left Right Left Right 1 2 #
---I'd like to see a minimal but "complete enough" distro released that costed something reasonable, say ten bucks, but every app's lead developer and the distro maker all shared in the cash pie. I wouldgladly supportsome effortlike that. It would be in the distros benefit to really pick and choose which apps to include, but their "community" would be the ultimate decision makers, and the various coders would know that their efforts would at least result in *some* coin.
--zogger, posted running BlueFlops Linux, two floppy distro with a graphical browser
It is not government's role to take down high profit companies, and it is not only the company shareholders that would be in trouble, it is the employees who would be in trouble.
You're missing something: the world has countries other than the USA, and it's not the job of other countries' governments to enrich companies in the USA.
If I were a taxpayer in Latvia, I would absolutely want my government to seed a domestic software industry rather than send money to some big corporation in the USA. The German government's decision here was absolutely the right one.
The problem is that governments are not really interested is saving money or OSS. In reality it is "local" politics.
Huh? Since when is it not the job of government to wisely spend its citizens' money? Again, you're viewing the world through USA-tinted glasses. Here in the USA, the government is indeed corrupt and does everything it can to give handouts to the rich and doesn't bother saving money or supporting local industries. However, not all countries' governments are this way, nor should they be. Luckily for the Germans, the German government appears to have domestic interests at heart and doesn't freely send their money overseas.
You're missing something: the world has countries other than the USA, and it's not the job of other countries' governments to enrich companies in the USA.
I have missed nothing. You are restating my opening comment: "The German decision may be viewed as a jobs program, or possibly seeding a domestic software industry."
Here in the USA, the government is indeed corrupt and does everything it can to give handouts to the rich and doesn't bother saving money or supporting local industries. However, not all countries' governments are this way, nor should they be. Luckily for the Germans, the German government appears to have domestic interests at heart and doesn't freely send their money overseas.
That is naive. Government corruption and waste is not USA-specific. There is no shortage of it in Europe. Also, the USA protects and promotes its companies as well as a means to protect jobs, tax revenue, etc. It has no need to promote OSS because the dominant companies are US based. In areas where the US is not dominant there have been similar activities. Things are far more similar on both sides of the Atlantic than you suggest.
There is limited user mode. Limit yourself :)
:)
1) Go to bluetooth preferences, make phone hidden. Make it visible just when pairing devices which you know.
2) Use major, big sites for software download. Prefer signed applications.
3) Use latest phone firmware (this costs money for Nokia)
4) Do not crack applications. Do not crack applications. Do not crack applications