If you have a Nokia 6600, 6630, 6680, 7610, N70 and N72 handset, then beware! A highly malicious Worm that is targetting SymbianOS has been discovered by Fortinet. This Worm is actively spreading via mobile phone networks disguised as a multimedia file (MMS) with an evocative name: either Beauty.jpg, Sex.mp3 or Love.rm.
As with most Worms and Trojans, users are unknowingly installing the malicious software onto their phones.
The worm, identified as SymbOS/Beselo.A!worm, was identified by Fortinet’s threat response team on 21 January 2008.
The Worm is successful in deceiving users to install it because SymbianOS identifies files based on their contents and not their extensions. As a result, recipients of infected MMS are still presented with an installation dialogue upon “clicking” on the attachment. “Therefore, users could easily be deceived by the extension and unknowingly install the malicious piece of software,” warned Fortinet.Once installed, the worm harvests all the phone numbers located in the phone’s contact lists and targets them with a viral MMS carrying a SIS-packed (Symbian Installation Source) version of the worm. The worm also sends itself to generated numbers as well, which all appear to be located in China so far and belong to the same mobile phone operator. Some of these numbers have been verified to belong to actual customers, rather than being premium service numbers.
Guillaume Lovet, manager of Fortinet’s Threat Response Team, EMEA, is the man who conducted the research and discovered this malicious activity. He has advised Techworld that this is not just another ‘theoretical’ mobile worm that nobody will ever encounter. According to Lovet, the worm is “actual spreading in the wild, although numbers are still pretty low.”
Fortinet is investigating the Chinese connection with the worm and is in touch with law enforcement officials. Whilst the worm is contacting Chinese mobile numbers, it may not be because that is the source of the threat. According to Lovet, the Chinese mobile operator concerned is the largest in the world with 300 million users, so maybe the virus writers thought it would be a good idea to go for mobiles in highly populated areas. It would make sense that if the worm is trying to propagate aggressively, it would seed to high density areas.
If you use a SymbianOS mobile phone, do not agree to any .jpg, .mp3, or .rm files trying to install themselves on your phone.
This article was posted on the Remove Spyware Blog
for more information on protecting yourself and computer, or to improve your
PC’s performance, visit: