中文(Chinese) 英文(English) Tel: 4006-858-981           Msn: China@Safe.sh         QQ: 7387526       Server Hosting        加入收藏
主页 >> 精辟见解
精辟见解
分类
Mobile malware
Until now, the main focus of malware authors has been desktops and laptops. However, since the appearance of Cabir in June 2004, there has been a steady stream of malicious code specifically aimed at mobile devices.

The use of mobile devices within the corporate world continues to grow and with it the use of wireless technologies of one sort of another. These devices are quite sophisticated: they run IP services, provide access to the World Wide Web and offer network connectivity. In fact, there’s little you can do with a laptop that you can’t do with a handheld computer.

Therein lies the problem. Enterprises operate today in an ‘open space’, with employees connected, and therefore open to attack, wherever they work: in the work place, at home, or on the road. And mobile devices are intrinsically less secure, operating outside the reach of traditional network security. And as they start to carry more and more valuable corporate data, wireless devices and wireless networks become a more attractive target for the writers of malicious code. The history of software development clearly shows that time and time again ease of access has been delivered ahead of security. And since mobile devices live outside traditional network security, they could easily become the weakest link in the corporate security system.

The first worm for mobile phones, Cabir, appeared in June 2004. Since then Cabir has spread to more than 40 countries across the globe. Cabir spreads using Bluetooth. This is the most common method for wireless transmission of data, so it’s no surprise that it has become the chosen means of infection for many virus writers. Significant numbers of Bluetooth-enabled devices are left in discoverable mode: open to infection and open to hackers.

In a very short period of time, we have seen viruses, worms and Trojans for mobile devices; that is, the array of threats that took twenty years to develop on PCs

Currently, there are around ten new mobile threats per week. Many are fairly basic, but it’s clear that malware authors are aware of the long-term potential for using mobile devices for making money illegally. In April 2006, the first Trojan Spy for Symbian OS appeared: Flexispy is a commercial Trojan that takes over control of smartphones and sends call information and SMS data to the author or ‘master’ of the Trojan. It soon became clear to us that its author was selling his creation for $50. And there has been similar malware for Windows Mobile, currently the second most popular operating system for mobile devices.

Most mobile threats we’ve seen so far require user interaction (accept the file transfer then agree to run it). At first glance, therefore, it might seem surprising how well they spread. That is, until you consider the success of PC-based worms that require similar user action. The key is social engineering, often using the lure of free pornographic pictures, movie downloads, free services or make-money-fast schemes.

It’s no different on mobile phones. For example, the Comwar worm uses MMS [Multimedia Messaging Service] to send itself to contacts found in a phone’s address book, at a cost of around €0.35 per message. Research has shown that many users are prepared to accept files transmitted to their devices using Bluetooth, especially if the content is sex-related.

The effects of the mobile threats vary. The phone may become unusable while the worm remains installed: the Skuller Trojan, distributed via download from a variety of mobile sites, replaces system icons with a skull icon: and makes the linked service unavailable. The Mosquit Trojan sends SMS [Short Messaging Service] messages to premium rate numbers. The effects of ‘crimeware’ like Brador, Flexspy or one of the other mobile Trojans, allow the malware author or ‘master’ to steal confidential data stored on a mobile device. It’s worth noting in this context that users seldom encrypt the data they store on their device, and many don’t even use a power-on password.

While the ‘bad guys’ are still experimenting with mobile technology, we’ve already seen some interesting developments. These include Lasco, a hybrid virus/worm combination; Cxover, that infects files on mobile devices and PCs; and RedBrowser, a Trojan that targets phones running Java [J2ME], i.e. non-smartphones.

Although it’s clear that mobile devices are far from immune to attack, it’s hard to predict when the ‘proof-of-concept’ trickle will turn into a flood. This will depend largely on usage. Once the number of smartphones, and their use for conducting online business, reaches ‘critical mass’, the criminal underground will target them, just as they target any commonly used system. Today criminals use the data stored on desktops and laptops to make money illegally. Tomorrow they will seek to capture data on mobile devices for the same purpose.

This is why leading anti-virus vendors have developed solutions designed to protect mobile devices, both in the form of software installed on the device itself and for use by mobile service providers.

页面工具 打印 | 电子邮件 | 评价
关于我们 | 沪ICP备12021423号-1 | 联系我们 友情链接 | 站点地图 | 隐私 | 法律 | Copyright © 2019 Safe.Sh