‘Sexy view’ worm takes first step towards mobile botnets

A security vendor has released details of a new SMS mobile worm that uses a breakthrough propagation strategy and is targeting mobiles running the Symbian operating system.

A new short messaging service (SMS) worm has been detected in the wild, with the potential to change the rules of the game when it comes to mobile cybercrime.

Security vendor Fortinet's FortiGuard Global Security Research Team has revealed details of a new worm it has detected, which targets handsets running a version of the Nokia-owned Symbian operating system (OS).

Advertisement - Article continues below

The SymbOS/Yxes.A!worm worm propagates itself by gathering phone numbers from the infected device's file system. It then repeatedly attempts to send SMS messages to those phone numbers inviting recipients to "click here to see sexy girls". Because of this, it's been termed "Sexy View".

The SMS features a malicious web address that, once visited, downloads a copy of the worm.

The worm bears a valid certificate signed by Symbian, and installs as a valid application on factory mobile devices running the third edition of Symbian OS S60.

Guillaume Lovet, head of the threat research team at Fortinet, told IT PRO that handset owners are unlikely to be aware their data has been compromised, as the message propagating it will originate from a known contact.

"It's worse than Facebook say, because you tend to have more trust in people whose numbers you have in your phone," he said. "And it's meant to be stealthware, as there's no sign, like new icons, that it's been downloaded. The only thing you will see is your SMS bill grow."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The Sexy View worm could potentially infect any phone running the vulnerable Symbian OS version, including a wide range of Nokia models. But it may run on a wider range of devices, as it has been reported to function on phones operating SymbianOS S60 3rd edition FP 1, like the Nokia N73.

Lovet added: "We could not get it [the worm] to do anything on the N90, which is the most popular device running this OS. But that could be because the handset we tested did not have the configuration the worm was expecting."

The worm's aim is to gather personal intelligence on the infected victim - such as the serial number of the phone, subscription number - and post it to a remote server, likely controlled by cyber criminals.

"This is a step towards the first mobile botnet," observed Lovet. "Smartphones are basically more like PCs nowadays, but they have a billing system."

Advertisement - Article continues below

Although the purpose of worm's gathering of such data was not clear, he said it could be used to initiate mass downloads of paid-for ringtones and games netting potentially large sums for criminals or even to spread new viruses.

Nokia's press office said in a statement: "We have received a note from Nokia Beijing concerning S60 3rd Edition malware spreading in China. To our knowledge, this malware has not been identified elsewhere.

"Nokia takes security seriously in all phases of the mobile communication systems development process, and will continue to investigate and analyse this malware using our normal processes and comprehensive testing."

The mobile firm also reminded users about the importance of their own awareness. "Users can help to protect their mobile device against harmful applications by their own actions, for example exercising caution when opening unknown web links they have received in their devices, accepting applications sent via Bluetooth or opening MMS attachments, as they may include software harmful to their devices," it added.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement
Advertisement

Recommended

Visit/security/encryption/355820/k2view-innovates-in-data-management-with-new-encryption-patent
encryption

K2View innovates in data management with new encryption patent

28 May 2020
Visit/software/video-conferencing/355410/zoom-50-adds-256-bit-encryption-and-ui-refresh
video conferencing

Zoom 5.0 adds 256-bit encryption to address security concerns

23 Apr 2020
Visit/security/hacking/355382/whatsapps-flaw-shoulder-surfing
hacking

WhatsApp flaw leaves users open to 'shoulder surfing' attacks

21 Apr 2020
Visit/security/cyber-security/355368/microsoft-builds-ai-to-detect-security-flaws-with-99-accuracy
cyber security

Microsoft AI can detect security flaws with 99% accuracy

20 Apr 2020

Most Popular

Visit/operating-systems/microsoft-windows/355812/microsoft-warns-against-installing-windows-10-may-2020
Microsoft Windows

Microsoft warns users not to install Windows 10's May update

28 May 2020
Visit/security/data-breaches/355777/easyjet-faces-class-action-lawsuit-over-data-breach
data breaches

EasyJet faces class-action lawsuit over data breach

26 May 2020
Visit/security/ransomware/355811/how-can-organisations-protect-themselves-from-nas-ransomware-attacks
ransomware

How can organisations protect themselves from NAS ransomware attacks?

28 May 2020