Trojan disguised as Flash player targets cell phones

Such malware is 'going to get a whole lot worse,' says a security researcher

An updated variant of the Skulls Trojan horse comes disguised as a new version of the Macromedia Flash player to fool users of mobile phones running the Symbian operating system.

Skulls.D disables applications needed to remove it, drops the Cabir.M worm onto phones and informs users that they have been infected by displaying a full-screen flashing skull, Mikko Hypponen, director of antivirus research at F-Secure Corp. in Helsinki, said today.

Once users download and install this program, it will overwrite applications designed to either fight or remove it. Infected users are also unable to browse their file system or install new programs, forcing them to reset their phone to its default factory conditions.

F-Secure issued an alert on its Web site Monday after receiving reports of infected phones from two users, Hypponen said.

People most likely to be hit by Trojan horse programs such as Skulls are typically users who like to download new software either from Symbian freeware Web sites or peer-to-peer networks, according to Hypponen. "Users who are really at risk are those looking for pirated software," he said.

The Cabir.M worm, which Skulls.D drops onto phones, overwrites all short-range Bluetooth radio applications so that infected handsets, once booted, constantly scan for other Bluetooth-enabled devices and send them a corrupt file.

Users are asked if they want to install the file. If they accept, the Bluetooth applications on their phones are immediately overwritten, and their handsets then attempt to pass on the file to other Bluetooth devices in the vicinity.

"Most people find out that they've been affected by the Cabir worm when the battery life of the phones falls dramatically, to about a half-day instead of the average three days," Hypponen said.

Asked if the various Trojan horses, worms and viruses that began to affect smart phones earlier last year were all created and contained in the labs of antivirus companies such as F-Secure, Hypponen said "absolutely not."

In an interview late last month with The Associated Press, Graham Cluley, a senior technology consultant at London-based Sophos PLC, was quoted as saying that his company had seen no reports of mobile phone users experiencing malware in their daily use, and that the only reports it had seen documented were of "antivirus researchers sending them to each other in their labs."

"Most of the cases we have come across are from real users in the field," said Hypponen, whose company, F-Secure, develops and markets antivirus software. "We have, meanwhile, collected reports from users in nine countries."

Hypponen said that although malicious programs aimed at new smart phones are not yet a huge problem, "they are a problem, and they're going to get a whole lot worse."


Copyright © 2005 IDG Communications, Inc.

Shop Tech Products at Amazon