Lavasoft News - February 2007

Mobile Malware Strikes

Since the news first broke of companies creating mobile "snoopware" to allow consumers to monitor their partners' text messages and calls, there have been growing privacy concerns over spyware running on mobile phones. Now, the threat landscape is changing to include malware, SMS phishing, and viruses, as criminals set their sites on cellular.

Commercial applications like Vervata's FlexiSpy, which silently record mobile phone calls and SMS messages to transmit them to a remote server, are designed to be "fun tools" to keep track of what spouses or children are doing on their mobile phones.

But, the mobile phone snoopware also has the classic signs of computer spyware: it often installs without any indication of what it is, hides from the operating system, and passes information on to a third party.

Security company F-Secure calls the FlexiSpy software a Trojan. According to their research, phones with spying software typically utilize SMS forwarding, SMS and voice call log information, remote listening, covert conference calling and localization services.

"This basically means that if the victim has a full-featured spy application installed on their phone, they have no privacy whatsoever and that the one controlling the software has access to all of the information that the phone has," said Jarno Niemela, F-Secure's spokesman.

Concerns have been raised in the past that the application could be abused by malware that installs as part of a payload, or by a hacker sending it to open phones in the hope that curious people would try to install it.

As our phones take on more of the capabilities of our computers, attacks targeting mobile devices are on the rise, security analysts say.

This past December brought the news that spyware applications targeting the Symbian operating system for mobile phones had been found. According to researchers at McAfee, the spyware application is bundled together with a variant of the Multidropper mobile phone Trojan, tracking text messages and copying log files with the phone number of incoming and outgoing phone calls.

This type of malware not only indicates that mobile phones will be increasingly targeted, it also shows a change in direction for malware authors. "Rather than destroying data and information, it is stealing it for profit," Jimmy Shah, a mobile antivirus researcher at McAfee, said on a company blog.

Security vendors have also noted incidents of criminal phishing through SMS. Coined as "smishing" attacks, consumers are typically warned that they will be charged a certain amount of money per day if they do not cancel a fictitious website purchase. When victims attempt to cancel the order, they often hand over confidential information, or leave themselves open to malicious websites.

Smart phones, combined mobile and PDA (personal digital assistant) units like the popular BlackBerry, are sure to be regarded with more interest by hackers. Global shipments were said to have increased 66 percent to 81 million units in 2006, according to Gartner's predictions.

That may not bode well for Apple's iPhone, which is due out on the market in June as a combination camera phone, PDA, multimedia player, and wireless communication device. While some security analysts say that malware concerns are premature, especially since consumers will be limited to installing certain third party applications on the iPhone, reports of hackers salivating over it are already circulating around the web.

One of the hackers behind the "Month of Apple Bugs" project, aimed at disclosing new Apple vulnerabilities, reportedly wrote in an e-mail to IDG News Service, "If it's really going to run OS X, [the iPhone] will bring certain security implications, such as potential misuses of wireless connectivity facilities [and] deployment of malware in a larger scale."

This year may also bring the first large-scale cell phone virus strike, according to analysts. Malware developers could implement an attack if they create a way to embed a virus in VoIP programs that users download to their mobile phone operating systems to reroute pricey mobile phone calls to the Internet.

Home  arrow

 
Trophy Image
Extra! Extra!
Ad-Aware Breaks Records at Download.com.
Read all about it here.
Stats
More than 3/4 of Americans are net users, spending an average of 8.9 hours online a week. For the first time in 2006, the number of women logging on equaled the number of men.
Source: Survey from the Center for the Digital Future
Cookie Image
Term(s) of the Month
A cookie is a piece of data that a website saves on a user’s hard drive and retrieves when the user revisits that site. It may use a unique identifier that links to login data, preferences, etc. A tracking cookie is any cookie used for tracking users’ surfing habits. They are typically used by advertisers wishing to analyze and manage advertising data. Read more in Lavasoft’s Spyware Glossary.
Tech Tips
Did you know that the Lavasoft Support Forums are the perfect place to go for up-to-date technical advice? Forums Administrator Janie Whitty, aka Calamity Jane, checks all new posts made. Lavasoft staff members regularly go in to read and post. We also have a team of international volunteers who help our users with their questions and concerns. If you do not already have an account sign up today at www.lavasoftsupport.com. There are currently more than 15,000 registered members!
Letters to the Editor
Thanks to all of you who wrote to us with your thoughts on spam and the future of e-mail. Spam definitely gets people talking. Read some of your letters here.
Text Size
If you think the text size on the back pages of Lavasoft News is too small, remember you can adjust the sizing in your browser when reading our newsletter online here.
Lavasoft AB
Lilla Bommen 1
411 04 Gothenburg
Sweden

www.lavasoft.com
editor@lavasoft.com
Page footer
Home HomeAbout LavasoftPrivacy Policy