Crippling worm attacks Symbian-powered handsets
February 23, 2009
Two Symbian-powered Nokia phones
Nokia's Symbian mobile operating system has been hit by a worm that spreads via text messages and incapacitates mobile phones.
Called Yxes, the worm is targeting mobile devices running SymbianOS S60 3rd Edition FP 1, but may run on a wider range of devices. It bears a valid certificate signed by Symbian and, as such, installs flawlessly on mobile devices running S60 3rd Edition.
"It harvests phone numbers from the infected device's contact list and repeatedly attempts to send SMS messages to those," said the Fortinet Center's in-depth analysis of the worm.
"The messages feature a malicious Web address and when clicking on this address in the received message, the recipients will effectively download a copy of the worm provided their phones/subscriptions allow for Internet browsing," the analysis said.
Fortinet is a provider of Unified Threat Management security systems that enable secure business communications.
The company is warning Nokia phone users to be aware of the threat.
The worm also destructs a victim's phone by killing the task or application manager. Yxes is a lot more sophisticated than worms in the past.
In 2004, the Cabir worm attacked Symbian phones by spreading through file attachments shared via Bluetooth and memory cards.
Yxes spreads much faster and can mutate since it spreads by downloading a new copy of itself from a malicious Web server.
Fortinet said that cyber criminals can add or remove functionality and target a specific area or to get more data.
The intelligence data sought after by the worm consists of the phone's serial and subscription number.
According to Fortinet, the worm gathers this information about a device and posts it to a server where the data can be viewed by cyber criminals.
The worm is believed to be aggressive, since it automatically runs every time the device is rebooted.
"As far as our analysis goes, the worm currently does not take commands from the remote servers it contacts," the Fortinet analysis said.
"However, since the copies hosted on the malicious servers are controlled by the cyber criminals, they may update them whenever they want, thereby effectively mutating the worm, adding or removing functionality."
- Trackback url: http://www.mobilemarketer.com/cms/trackback/2692-1