Slashdot Mirror

← Back to Stories (view on slashdot.org)

First Symbian OS virus to replicate over MMS

Posted by CmdrTaco on from the only-a-matter-of-time dept.

Shachaf writes "A new virus, CommWarrior.a, is the first to replicate over MMS (Multimedia Message Service). From the article: 'Multimedia Message Service (MMS) is a more advanced version of the Short Message Service (SMS) familiar to users of GSM based handsets around the world, and allows rich content such as pictures, sounds, video, and applications to be sent as well as text.', and '"With MMS messages typically costing between $0.25 and $1.00 CommWarrior could prove expensive to anyone unlucky enough to be infected by it. As the virus runs silently in the background it could be quite some time before the user becomes aware of the potentially hundreds of MMS messages that have been sent," said Aaron Davidson, CEO of SimWorks.'"

13 of 179 comments (clear)

  1. another good reason to have a simple cellphone by Anonymous Coward · · Score: 5, Insightful

    All of my coworkers laugh at me for using such a simple phone with only basic features and services. Guess there are some benefits afterall.

  2. Liability by Thnikkaman · · Score: 4, Insightful

    I wonder if this falls under the protection of the service provider. It seems to me that they shouldn't be able to charge the user for a vulnerability on their part, but what companies should do and what they actually do are very different things.

    --
    Four roommates. No microwave. You do the math.
  3. If the virus sends a relatively uniform... by HaloZero · · Score: 4, Interesting

    ...message, on an already well known-format, shouldn't it be possible for service providers to block the messages through the MMS MX handlers? And/or simply not bill the customer for the sum of messages sent with that format. Of course, isolate them from the network if possible (remove their permission to emit MMS messages at the MX) until the malware can be removed from their device. Just a thought. Doesn't really seem right to charge users for something like that, espicially the less savvy who might not know-any-better.

    --
    Informatus Technologicus
    1. Re:If the virus sends a relatively uniform... by Capt'n+Hector · · Score: 4, Funny
      "Doesn't really seem right to charge users for something like that, espicially the less savvy who might not know-any-better."

      Yeah, god forbid a cellphone company take advantage of unsavvy customers....

      --
      Quid festinatio swallonis est aetherfuga inonusti?
      Africus aut Europaeus?
    2. Re:If the virus sends a relatively uniform... by plover · · Score: 5, Insightful
      It's not in the short-term best interests of the cellular providers to block the virus. First, it involves acknowledging the virus exists, which tends to scare people. Next, and here's the cynical greedy part, people who blindly pay their cell phone bills every month without complaint make up a large part of their customer base. If they can make a few million dollars off the virus, where's the incentive to shut it down? Willingly give out reimbursements to anyone who complains, but let the rest of them just continue to fork over cash.

      Sorry to be so cynical, but I just see these "services" (and all cell phone costs) as tremendously overpriced. It's just data. The bandwidth has a fixed cost (it's just the sum of maintenance, capital investments, marketing, etc.) Throw in 10% or 20% over cost for a profit margin, and call it done. But no, they have to have "minutes" and "plans" and "packages", all of which are expressly designed to mislead the buyers into spending as much money as possible, regardless of the amount of "service" they "consume." And we, the sheeple, consume it readily.

      --
      John
  4. Re:It's a bit offtopic, but.. by hsmith · · Score: 4, Insightful

    Why? Because it is PURE profit right now, if everyone is charging the same, they all can milk users while they can. One day it will be competitive, right now they all "agree" to keep prices high to rip off users. Do you really think SMS messages cost the $.20 they do to send? of course not. $.01 would be expensive still.

  5. Wow! by FreeLinux · · Score: 4, Insightful

    What a remarkable "coincidence".

    I never put any credence into the ativirus companies writing viruses conspiracy theories but, that one's just too fishy.

  6. Trojan not virus by lxdbxr · · Score: 5, Informative
    I know the nomenclature is largely ignored nowadays, but I would call this a trojan not a virus since it requires the user to run it to start spreading: Quote from the ZDNet version of the story:
    A recipient also has to accept and download CommWarrior in order for the Trojan to launch itself.
    It's not like it starts running as soon as you open the MMS message; you actually have to take steps to run the application contained in the message. Of course some people will run anything...
    --
    -- Nothing unusual happened today
  7. Re:Eh.. by plover · · Score: 4, Insightful
    If I had a phone like this and it was infected, and it ran up a huge bill, I'd first talk to my service provider. If they refused to waive the charges, I'd then talk to the cell phone manufacturer.

    Seems like the cell providers could kill this quickly. Can't they recognize the virus signature in the messages that are transmitted? And can't they trace them back through the links to find out where it originated? Are there really holes that big allowing people to upload crap like this anonymously?

    --
    John
  8. Well at least there's one alternative by PsychicX · · Score: 4, Funny

    Get a Windows CE phone :)

  9. Should this cost consumers? by junkcannibal · · Score: 4, Insightful

    It seems to me that since most people get their phones for free when they sign up for a plan, the cell phone companies should bear the cost of this virus. This cost will inevitably be passed on the the concumers. My point is that it should be the responsibility of the cell phone companies to keep their products and their networks free of viruses. Dwight Yokel BEEP BEEPING his neighbor in the next trailer over, should not be expected to pay and money or attention to this sort of concern or worry about extra charges on his bill because his cell phone company runs a flawed service.

  10. Looks like a trojan, not a virus by bojanb · · Score: 4, Interesting

    From TFA:
    CommWarrior periodically sends MMS messages to randomly selected contacts, including a copy of itself and one of several predefined text messages designed to encourage the recipient to install the application.

    Doesn't really seem this is Symbian's fault, CommWarrior just behaves like a malicious application. The user obviously has to install it and then run it to get 0wned.

    Of course, some sort of sandbox environment like in Microedition Java would have been a better design, but I guess Symbian simply wasn't built with something like this in mind. I know Nokia is pushing a model where only certified developers will be allowed to write applications that access sensitive functionality (dialing numbers, sending messages, etc.), but this is not a great solution. It will drive the cost of applications way up, and shaft all the small app developers, because only the big guys will have their apps signed by Nokia.

  11. Um...it's transmitting by SamMichaels · · Score: 4, Interesting

    Perhaps I mis-RTFA or just don't understand MMS, but whenever my mobile is active it causes amplifier noise (talk or send/receive SMS). CDMA or GSM. Computer speakers, car stereo, whatever. Wouldn't a constant transmission be noticable?