« Monitoring and Early Warning for Internet Worms | Main | Can we contain Internet worms? Microsoft's Project "Vigilante" »
New Cellphone Worm: CommWarrior
A new worm has emerged which demonstrates the power of using a technology like MMS to send and receive malicious traffic. Formerly, the only cellphone worms that we had seen were like Cabir, which uses Bluetooth to spread, but it requires that the user accept the file transfer. A new worm, Commwarrior, appears to be a step forward for mobile phone malware. Details from today's F-Secure antivirus weblog:
We're currently analysing CommWarrior, which runs on Symbian Series 60 platform. It attempts to spread over both MMS and Bluetooth. The virus seems to be from Russian, as it contains text that says "OTMOP03KAM HET!". Which roughly translates to "No to braindeads".
More information on CommWarrior is available from F-Secure's CommWarrior page. No other vendor has posted any information as of yet on this worm. Note that F-Secure sells an AV product for mobile phones.
The MMS protocol is very similar to normal Internet mail traffic, and includes MIME attachments and auto-open and execution, just like problem email clients. This then allows for all sorts of nastiness to ensue with your infected phone and malicious attachments. Due to the workload in the file transfers, an infected phone is likely to be sluggish or even stall, upsetting infected users. This helps minimize the likelihood that someone would be spewing mobile phone malware without knowing it. [Thanks, Arrigo.] Also note that the phone network is a centralized and managed network, and unlike the Internet message routers exist. This allows for a filter to be placed in the network and effectively stave off any worm infections, and even block access to the infected phone.
Regular readers might be asking why wormblog doesn't post more stories on new worms more frequently. Let's face it, new mass mailer worms appear at least daily, and they're usually variants on a theme. Most of the new network based worms at this point are variants of existing worms (ie the Rbot family). And most other worms are relatively low impact or not displaying any new techniques (aside from repackaging). Hence, keeping up with this would be a time consuming and a relatively low value activity. For new worm announcements on such a regular basis I suggest you read the F-Secure Weblog, for example, and use an RSS reader to keep up with some of the latest virus and worm alerts from Virus and hoax information RSS feeds from the Sophos site or the eAlladin Virus feed. Wormblog will continue to bring you information about new major threats, new developments and trends, and (of course) lots of research information.
One trend that has been visible to me and others is an uptick in IM worms. Note that we're not covering them substantially here because they're derivative works, have so far not been a world-wide epidemic, and don't yet demonstrate anything significant. However, this increased interest in them is a worthwhile trend to note, and we'll keep our eyes on it.
March 7, 2005 in new worms | Permalink
Tell others: digg submit
|
del.icio.us this
|
Reddit
Comments
Really good article. I have been following your blog for last 3 months. You have good knowledge
on Mobile(cell phone) Industry and happenings. Please continue the good work. Thank you.
Posted by: satya | Oct 8, 2008 10:42:40 PM
the worm did originate in russia written by a member of 29a called whale
Posted by: 1 | Sep 25, 2009 4:02:21 PM
Wow, What a great post!!! Cell phones were big targets for hackers and virus writers, despite its large volume. However, based on a mobile phone expand, which can be more attractive target. There are more details about CommWarrior which is available in this post.
Posted by: Donna Harris | Jan 18, 2010 4:54:16 AM
Google gets into the messy business of telecommunications. I don’t mean to say Google’s day job is easy but the telecom market gets it involved with government agencies like the FCC on a more regular basis. Like many other large telcos the company will have to spend more and more money lobbying and technology differentiation may be less important than government regulations in ensuring future success.
Posted by: kamagra sale | Apr 27, 2010 10:49:00 PM
A new worm has emerged which demonstrates the power of using a technology like MMS to send and receive malicious traffic.
Steve
Posted by: steve nicks | Jun 8, 2010 6:27:20 AM
Virus and worms is very rampant now especially so that most phones are already accessible to internet etc... the worst thing is that you don't know what is happening in your phone. you will just be surprised with your phone bills later on or some friend of yours nagging you for sending them unwanted messages.
Posted by: Jane | Feb 1, 2011 3:39:56 AM
The comments to this entry are closed.
