Virus writers have come up with a way to make their malicious software jump from a mobile phone to the PC.
Security researchers have reported the first sightings of a new trojan program, which masquerades as pirated software for mobile phones and attempts to infect PCs via the phone’s memory card.
Although the malware is not considered to be a significant risk to users, it marks the first time that researchers have seen an attack that tries to move beyond mobile phones says Mikko Hypponen, director of anti-virus research with F-Secure.
“From a more academic point of view it’s very interesting,” he says.
Trojan malware gets installed on a device by masquerading as some other type of software. In this case, the trojan appears to be a pirated version of a mobile phone game that users can download from the web, Hypponen says.
Antivirus vendor Trend Micro rated the potential for infection from the trojan, called Sybos/Cardtrap.A, as “low” in a statement released last week.
The trojan includes a variety of malicious programs, including a number of viruses that spread from phone to phone via Bluetooth or MMS (Multimedia Messaging Service). It can affect mobile devices running Symbian’s Series 60 operating system, as well as Microsoft’s Windows operating system.
Symbian Series 60 software is used in handsets from a number of vendors, including Nokia and Siemens.
The Sybos/Cardtrap.A software attempts the jump to PCs by copying two Windows worms to the mobile phone’s memory card. A user who then inserts this card into a PC and clicks on one of the infected files will launch a worm that attempts to spread to other PCs on the network.
Mobile phone attacks have been on the rise, although they are not nearly as widespread and disruptive as PC worms and viruses. F-Secure estimates that 28 countries have now reported instances of the Cabir worm, which uses Bluetooth connections to spread between Symbian-based phones. Another Symbian worm, called Commwarrior, has been reported in 19 countries, Hypponen says. Commwarrior can spread via Bluetooth or MMS messages.
Hypponen, whose company sells antivirus software for mobile phones, says that these mobile attacks are still in their infancy. But the security researcher expects more sophisticated attacks to follow, as was the case with PC viruses.
“It took 15 years for the first money-making viruses to emerge for the PC,” he says. “On the mobile side, I’m sure it will happen. It just hasn’t happened yet.”