"Airborne" mobile viruses have been increasing in complexity at a surprising pace. In the space of just one year, malware for mobile devices evolved to a complexity that took 20 years on desktop PCs. For example, we have already seen blended Trojan and virus threats that can spread through Smartphones using multiple wireless protocols. This could be problematic, as current mobile devices cannot support sophisticated antivirus software on current platforms.
Much of this “blended threat” malware activity has been seen on the Symbian Smartphone platform. For example, “Skulls” was one of the first trojans to infect Symbian Series 60 smart phones. When launched, the application claims to be an “Extended Theme Manager by Tee-222.” However, it then disables all other applications on the phone and replaces their icons with a skull and crossbones. Worse, it was more recently merged with Caribe to form the first “crossover” malware for smartphones.
Skulls and Caribe also merged to form Metal Gear, a trojan that masquerades as the game of the same name. Metal Gear uses Skulls to deactivate the device's antivirus. Thus, it was the first anti-AV malware for Symbian phones. The malware also drops SEXXXY.sis to the device, an installer that adds code to disable the handset menu button. The Trojan then uses Caribe to transmit itself to new devices.
Another example of blending is the Gavno.a Trojan, which is spread via a file called patch.sis (it masquerades as a phone patch). Gavno uses a malformed file to crash an internal Symbian process, thus disabling the phone. The effect is to disable all handset buttons and to completely prevent the user from making calls. It may also cause a continual rebooting loop. It is only 2kb in size, and it has already seen variants merged with Caribe to spread to other phones.
Other examples of viral evolution include the following:
- Dampig trojan: Notable in that it corrupts the system uninstallation settings, making it more difficult to remove
- Mabir virus: Similar to Cabir, but instead of Bluetooth it uses SMS to spread
- Commwarrior: also tries to disable the onboard antivirus software
- Frontal virus: causes a total system crash of the phone until it is removed
Conversely, the most recent type of malware does the opposite: it now cross-infects mobile devices from a PC. The first example of such malware, and the subject of this article, is a Trojan dubbed “crossover”, which spreads from a Win32 desktop machine to a Windows Mobile Pocket PC handheld.