Symbian malware takes money from phone
Hackers have discovered a new way to steal your money: texting it out of your phone.
Security vendor Kaspersky Lab says it has spotted new variants of a Trojan horse program that do just that, by taking advantage of a feature that lets mobile-phone users in Indonesia use SMS (Short Message Service) text messages to transfer money in their mobile accounts from one phone to another.
The software is a variant of the Trojan-SMS.Python.Flocker malware, originally written by Russian fraudsters. This software had been used to sign unwitting victims up for expensive mobile services such as ringtones, presumably with the program's authors getting a healthy kickback. "It seems like some Indonesian guys had a look at this stuff and thought, 'Hey, we could do this in Indonesia,'" said Roel Schouwenberg, an antivirus researcher with Kaspersky.
For the attack to work, the victim must first be tricked into downloading the Python.Flocker program onto a Symbian-based mobile phone. Once installed, the software uses a feature available to Indonesian mobile-phone users that lets them send a short SMS message to another subscriber that transfers the money into their account. The Trojan transfers the equivalent of between US$0.45 and $0.90, depending on which version of the program is installed.
The Symbian operating system is used in phones made by Nokia, Motorola, Samsung and Sony Ericsson, among others.
Criminals have created banking Trojans for the PC that silently transfer money during online banking sessions, but this is the first time Schouwenberg has seen this type of behavior on a mobile phone.
Schouwenberg did not know which Indonesian mobile service provider was targeted in this attack.
IDG News Service
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
cell phone
Powered by Twitter
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
