Forgot your password?
typodupeerror

First Mobile Phone Virus Nears 2nd Birthday 101

Posted by Zonk
from the buy-him-some-cake dept.
An anonymous reader writes "ZDNet is reporting that the first mobile phone virus is almost 2 years old. F-Secure's chief research officer Mikko Hyppönen claims that although there are now over 200 mobile phone viruses the problem is unlikely to get as bad as it has with PCs. 'The difference is that PC viruses were first found in 1986 and mobile phone viruses were found in 2004... So we are living in the equivalent of 1988 but in 1988 Microsoft or hardware manufacturers were not doing anything about viruses ... In the mobile phone world, all the mobile phone manufacturers are working on the problem as are the phone operating system manufacturers, like Symbian, Microsoft and Palm. Operators are on top of this.'"
This discussion has been archived. No new comments can be posted.

First Mobile Phone Virus Nears 2nd Birthday

Comments Filter:
  • 200 mobile phone viruses the problem is unlikely to get as bad as it has with PCs.

    Sorry?

    I wasn't aware that PCs had a virus problem.

    As far as I can tell, running a Personal Computer does not make you susceptible, running windows makes you susceptible. People running a decent O/S on their PC (OS X / openBSD / linux / etc) seem to be no more susceptible to viruses then phones are.

    (Interestingly enough, this ties into my latest journal - "Why is Apple afraid of being PC" [slashdot.org])

    Anway, back to the article, in addition
    • You have the usianTHEN.32 virus that transforms any uses of than to then to make you look illiterate.

    • Phones (or rather, some phones) have an architecture and design that makes it extremely hard or impossible to write malware.

      Desktop operating systems, whether that be Windows, Linux or Mac OS do not have such an architecture. They're all quite trivial to crack if you really want to.

    • >To go back to the windows analogy, if MS had controlled all email networks [shudder] back when Melissa / Lovebug / etc hit, it would not have been such a problem.

      I know some people who were working at Microsoft when "I LOVE YOU" hit, and it propagated through the internal corporate network just fine.

      Any network is hostile if it lets endpoints talk to endpoints and if the endpoints aren't trustworthy.
    • PC stands for Personal Computer, so we can extend the definition to include Macs, Commodore 64s... and why not toasters (ones that have embedded computers, of course).
      This misnomer always bothered me.
  • I disagree (Score:3, Insightful)

    by WinterSolstice (223271) on Tuesday May 30, 2006 @10:29AM (#15428103)
    I think that thinking of this in terms of "PC equiv of 1988" is BS. In 1988 people weren't even sure if the PC was going to last. The world had just gone from dozens of machines which were completely incompatible (Commodore, Apple, Timex etc) to one system emerging as an almost standard. I know that the idea viruses or worms getting to this point was certainly out of my head at that time.

    I also don't think anyone expected there to be so many machines attached to each other as we have now.

    Basically, I don't think that a cell phone virus would have nearly the impact of even a simple PC virus due to the fact that (as the article states) people just aren't that unprepared anymore. Maybe if we all were given wide open Windows !Smart Phones? Besides - I think my carrier would probably *charge* me to run a virus :D

    -WS

    • http://vil.nai.com/vil/content/v_1169.htm [nai.com]

      Stoned

      Type
              Virus
      SubType
              Boot
      Discovery Date
              02/01/1988
      • Whoa, blast from the past. That was the first virus that ever infected one of my machines.

        The "Your PC is now stoned" message brings back so many memories. Thanks...... I think.
      • What exactly is your point?

        What I was saying is that the AV companies are trumping this up as "Oh noes! We're at the beginning of a massive onslaught of viruses for cell phones!". I disagree that we are seeing any such thing.

        In 1988 things like Stoned came out (as you point out). However, the early viruses propagated mainly via shared files and boot disks. Cell phones by and large share only SMS messages, which go through a centrally controlled server (not a random ad-hoc network like email). SMS is very in
        • Bzzzt. Most phones can handle MMS now, which allows for absoultely huge 'messages' consisting of multimedia content.

          Plus, imagine if someone figured out a worm for something popular, like a razr, and promuglated it over bluetooth. :) BT might not be turned-on-by-default for many phones now, but some day it might.
          • I'm in the Philippines, the problem is pretty big here. It's restricted to bluetooth in so far as I've had any experience with it. Little more than a trivial annoyance, and pretty much exclusively limited to the Nokia brand (running symbian), maybe a few sonyericsson models in the P series. (I'm ignoring phones or PDA's that run Microsoft or Linux, since I don't own any)

            If I switch on bluetooth (SE K750i) and wander out on the balcony, usually in less than a minute or two I'll start receiving virus files. I
        • Phone acting weird? You reset it or take it back.

          heh, if only it was that easy. I tried to download and install IM software to my phone; to finish the installation, the phone had to reset. It did, but it never again go past the first verizon screen. It instead reset itself again and again.

          Verizon couldn't fix it (actually they blamed me), so the phone is now trash.

          • I guess it depends on where you take the phone and the mood of the person who helps you, unfortunately. I had a Nokia 3589i that I tried changing some setting on (don't remember) via the USB cable and some PC software (MobiMB). A few days later, when I rebooted the phone for other reasons, it got to the Verizon logo and rebooted... infinite reboot cycle. Took it to the nearest Verizon store and 20 minutes later they had fixed it and returned it to me, no questions asked.

            (Note that I am in no way recommen
        • My point is you're talking crap that you know fuck all about.

          > I also don't think anyone expected there to be so many machines attached to each other as we have now.

          In 1988 Fidonet had already been running for 4 years.

          Compuserve had POPs all over Europe.

          I first encountered Cabir in King's Cross train station in London, I'd left my Bluetooth on after toothing on the train.

          If you think people are unprepared, walk into a pub and search for Bluetooth handsets. And if you think that Joe Average has the slight
    • Basically, I don't think that a cell phone virus would have nearly the impact of even a simple PC virus due to the fact that (as the article states) people just aren't that unprepared anymore. Maybe if we all were given wide open Windows !Smart Phones? Besides - I think my carrier would probably *charge* me to run a virus :D

      So what does it matter if people are prepared for it? How has being prepared stopped Windows viruses and worms? And even if preparedness could stop viruses on the whole, it isn't like us
    • Actually, it's bullshit^2. Cabir was a proof of concept [thefeaturearchives.com] by 29a and was released in the wild without their consent. [netlux.org]

      But what could you expect of zdnet? Professional writing?

    • In the 80s I was discussing viruses which were spread on floppies with my friends. Some the BBS's I used scanned uploaded files for viruses. Many thousands of computers were already hooked up to Compuserve. People were definitely expecting millions of machines to be attached to each other in the near future. Viruses were already actively being researched.

      The reason personal computers will always be susceptible is because they're general purpose computers. A phone which only serves as a phone can not ge
  • I remember removing my first bluetooth virus awhile ago, and back then was thinking, pretty soon, well need to have Nortons running on our phones, which needs to be regularly updated. Think I'll just stick to my 3210. If only my phone could take a shower (Yes, aimed at you Zuma).
  • My N70 had norton (Score:4, Insightful)

    by vasanth (908280) on Tuesday May 30, 2006 @10:33AM (#15428125)
    I was surprised to see that my nokia N70 came with Norton anti virus for mobile phones installed.. And expected it was hogging my phone resource making the menus sluggish and got rid of the crap...

    I don't think mobile phone virus threat is much due to the varieties in platform the phones run.. Its just another way for anti virus companies to make money
    • Did it pop up a window every so often and say, "What you are trying to do isn't allowed! Quarantined, deleted, formatted and terminated. Resitance is futile. You will be owned!"

      mine does. ;)

      * lon3st4r *

  • by Anonymous Coward
    Most of those Mobile Viruses are on Symbian based OS and the S60 series phones seem to be the worst ones.
    • by Anonymous Coward
      "Would you like to install this application?"

      Yes

      "Are you sure? It's not signed"

      Yes

      "Are you positive, it could have come from anywhere!"

      Yes

      "Ok"

      Damn phone!! why can't it just make phone calls! boohoo
  • FUD (Score:4, Insightful)

    by edxwelch (600979) on Tuesday May 30, 2006 @10:36AM (#15428143)
    I think the origonal story, which stated that smartphones were unsecure, is total fud. A confirmation dialog box comes up on you screen when some one tries to connect via Bluetooth (and most people have bluetooth switched off anyways, becuase it consumes power), so really this virus would never have a chance to spread in real life and only seems to serve the purpose as a scare story
    • Most laypeople don't even understand what Bluetooth is let alone turning it off. This was a huge mistake assuming people understand why a port was open on a PC (135, 139) which gave way to massive worms and viruses. Even if you have Bluetooth turned off, that isn't the only avenue to spread a virus via cellular. Most phones nowadays have the capability to connect online somehow, so who's to say that someone couldn't craft in JSCRIPT or so.
    • by elodan (601886)
      The point is that some 'phones have a vulnerability which allows virii to spread without the confirmation dialog.
      • Can you point to at least one phone with such vulnerability and working expoit?
        Because I think there is no one.
  • by Alicat1194 (970019) on Tuesday May 30, 2006 @10:38AM (#15428154)
    Keep Bluetooth switched off unless you're specifically using it. No avenue of transmission = no virus.
    • that'll work for BT transmitted viruses... but more and more cellphones are starting to use internet-esque transmissions methods over broadband cellular networks.... I equate BT transmitted viruses to floppy boot-sector viruses you'd be warned about in school. When was the last time you infected your Windows box by putting a rouge floppy in? How about from the Internet?

      I think we need to take a more serious look at this problem. In the 70's and 80's, people laughed off the possibility of threats like th
  • by packetmon (977047) on Tuesday May 30, 2006 @10:50AM (#15428212) Homepage
    Just because there aren't as many at this time doesn't mean it isn't likely to become a big issue in the future. What I perceive happening at some point is a rogue group creating viruses to steal contacts then selling those contacts. Imagine the market for say Pamela Anderson's phone list... Imagine one for say the phone list of the President. While doing network studies (CCDP) I thought about the dangers of a multicast worm/virus. It would work spoofing corrupt images say to MSN messenger or Yahoo messenger or any other IM client which is streaming ads... Once streamed an infected image would take over a victim machine... While the concept is theoretical it isn't that far fetched...

    • What I perceive happening at some point is a rogue group creating viruses to steal contacts then selling those contacts. Imagine the market for say Pamela Anderson's phone list... Imagine one for say the phone list of the President.


      I assume these rogue groups aren't interested in Pamela Anderson's email contact list
      or the President's email contact list but only in their phone lists for some reason.
    • Can't, sorry

      "Imagine the market for say Pamela Anderson's phone list..." pictures yes, 'phone list no.

      I refuse to believe that this exists

      "the phone list of the President" Name one president in office who knows how to use the 'phone ! Majority of them can't find the way to the toilet without help.
  • Even if today the thread is quite small as most blue tooth are off, once 3th generation phones will become popular and people will have services running on their phone and stay mostly always connected (imagine a messenger services on phones, sure some kids will love that) the thread will grow increasingly.
    That's why it's important too take in account those potential threads when designing today the phones of tomorrow. We have a long experience with Os's and viruses, much major mistakes can still be avoid
  • The summary.... (Score:1, Offtopic)

    by MustardMan (52102)
    The summary.... is so confusing but i only read it once and it gave me a headache.... so i wonder if the people at zdnet passed grade school grammar... in the interweb world, all the article writers are making run-on sentences with no punctuation as are the submitters on digg, youtube, myspace, and slashdot. My migraine is on top of this one.
  • Yeah, maybe theyre (I know I missed an apostrophe in that word, but for some insane reason FF keeps popping up the search (as in ctrl-f) box when I hit apostrophe but wont print it. wtf?) working on it, but not many virus -writers- are. If more people were focusing on writing viruses for cell phones and PDAs, you can bet your ass viruses would be all over. Theres an entire industry for stopping viruses, not to mention public and government pressure on OS makers like MS, and look how much good thats done.
  • by that I suppose they mean locking out the phone o/s to those who pay for certificates to sign their software with.

    nobody will be able to crack that
  • The really bad news will come when vira will be available for:
    - iPod(tm) through infected MP3s
    - bluetooth earpieces through special whistles
    - digital wrist whatches through vired organic batteries

  • Makes me glad that I never upgraded my reliable Nokia POS. Monochrome screen, no blue tooth, no browsers, no camera, no nothing. Just a phone, that's all.
  • 1986? (Score:3, Interesting)

    by XO (250276) <blade@eric.gmail@com> on Tuesday May 30, 2006 @11:33AM (#15428474) Homepage Journal
    I know Mac and Amiga had tons of viruses before 1986, and I'd be willing to bet PC's did, too.. just that PC's weren't quite so much for game use, so there wasn't nearly as much pirating going around then...
    • Well, they specifically said "first PC virus". The first virus on PC was Brain [wikipedia.org], which was in 1986.

  • F-Secure (whom I usually like) says that OS makers are prepared for the malware threat and that malware will fall on stonier ground that it did in the desktop PC world.

    The phone OSes, oblivious to every lesson from the desktop world, are allowing software downloaded from a hostile network to do things that cost the user money and to propagate itself. If the OS makers were "prepared" they'd all be running that code in sandboxes, or virtualized, or at the very least with egress filtering ("Do you want to send
  • Couldn't it be because they just don't hook their phones up to a pc really? Even when downloading material, 90+% of subscribers will d/l from their provider. But in reality, most people won't download anything due to the fact it's just so damn expensive and has these insane license agreements. Plus people aren't really jumping on the whole "computer phone" idea like manufactures thought.
  • The problem we have on PCs is that the OS lets anything execute and then we run AV software that tries to stop a list of things running. What we need to do is have the OS whitelist good software, not blacklist all the bad.

    Mobile phone OS designers have made the exact same mistake and in an environment that is far more conducive to viruses.
  • You may want to read this article: http://www.newlc.com/The-Most-Important-Aspects-of .html [newlc.com]

    It is a very good summary of the known viruses and prevention mechanisms for Symbian phones.
  • now over 200 mobile phone viruses...Operators are on top of this.

    To quote Roger Rabbit: "I don't think so."

    If anyone was on top of this, there wouldn't be over 200 mobile phone viruses out in the wild. There would be none.

  • Actually, my school was slammed by a phone virus that jumped onto the pc network after someone connected their phone to a pc over xmas break. They had to reimage the entire school. I thought it was hilarious because they take such a unnecessarily draconian stance on certain aspects of security but leave gaping holes like this. Serves them right, I'm glad I graduated and am moving on.
  • Yes, you, you darned virus. We have had such a love-hate relationship the past two years. You love me, I hate you. Or at least you love me for my phone. Is that all I'm good for? Huh? Is it?! Fine, then I hope you have a craptacular birthday because you make people miserable. Viruses suck! That's it, I'm going to become a wormer. And yes, that cake is flavored with cyanide. Jackass.
  • There was an imode virus in Japan in 2000, that caused phones to dial emergency services:

    http://specials.ft.com/telecoms/sep00/FT3R3BJ29DC. html [ft.com]
  • new viruses don't need to be complex. actually, much like the "i love you" virus, i don't remember the name but a new one reads the contact list and sends an mms message to them. (bummer for the person who will see his bill shoot up.) of course the receiving person will highly likely open the attachment since it came from someone they know and not from anonymous and unverifiable sources such as e-mail. they will open it and they spread some more.

    my point is, i believe it is easier to prey on human weakn
  • The way I see it, outside of techies who just love gadgets, there would be two groups who would use smartphones:

    1. Business persons using them in a PDA style application.

    and

    2. Silly boys/girls with rich parents who think they're better people because their phones are more expensive.

    Now I find it unlikely that a business person would accept a bluetooth transfer if they didn't know what it was, assuming they weren't in a rush at the time. Even if they WERE in a rush, they'd probably walk out of transfer range

System checkpoint complete.

Working...