New Trojan horses threaten cell phones
Three new malicious programs are hitting certain mobile phones, anti-virus companies have warned. The Trojan horses, or programs that are disguised as legitimate applications, spread via Bluetooth or multimedia messages and can affect phones running the Symbian operating system.
The infection rate so far from the new malware is low, Symantec Corp. reported in threat warnings issued last week.
The Bootton.E Trojan horse was spotted last week by F-Secure Corp. and Symantec and is perhaps the most potentially crippling of the three to those infected. The program restarts the mobile device but it also releases corrupted components that cause the reboot to fail, leaving the device unusable.
The Pbstealer.D Trojan sends an infected user's contact list, notepad and calendar to-do list to other nearby users via Bluetooth. The third Trojan, Sendtool.A, sends malicious programs such as the Pbstealer Trojan to other devices via Bluetooth.
Symantec and F-Secure both admit that these Trojans are unlikely to spread very widely. "They don't spread quickly because they're not purely autonomous," said Ollie Whitehause, a researcher with Symantec. Unlike worms on computers that spread without users knowing, the Trojan horses hitting cell phones spread as attachments that require users to download them.
So far, worms haven't hit mobile phones but it's very likely that people who write viruses are working on them, said Anton Von Trover, marketing manager for F-Secure.
Because current threats are caused by what David Wood, executive vice president of research at Symbian Ltd., calls user weakness, anti-virus software for mobile devices isn't necessary. "Unlike the case on desktop PCs where you need to have a firewall and antivirus software and you have to keep them up to date, that's not necessary on phones," said Wood.
But with the looming threat of vulnerabilities being found by malicious code writers, enterprises should do a better job preparing for the future, said Rob Bamforth, an analyst with Quocirca Ltd. His research shows that enterprises are much more lax about securing mobile handheld devices than laptops.
He advises enterprises to create a policy around securing such devices. Currently, that policy might not include anti-virus software because the incidence of viruses seems to be low. "But there will be a problem so they have to take the issue seriously while not necessarily taking every announcement seriously," Bamforth said. He cautions that historically, most reports of viruses on handheld devices have come from anti-virus software firms and not end users, an indication that infection rates are probably quite low.
IDG News Service
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
