Greater Mobile Use Brings Bigger Virus Threat

New variants spreading via Bluetooth, multimedia and text features.

Mobile viruses are infecting more handsets than ever, and are much smarter than they were just one year ago, according to a report released today from AdaptiveMobile.

Viruses are going well beyond initial quests centered around replication on devices. Today's aim to steal phone books and contact lists to initiate premium text messaging activity for money-making schemes. The viruses are also aiming to entice users into Web site based scams to steal confidential financial data.

"The initial mobile virus was about proof of concept -- could virus makers get viruses to replicate far and wide," Simeon Coney, vice president of strategic development for AdaptiveMobile, told

"Now it's organized crime focused on stealing or extracting money or grabbing confidential information," he said.

The report states one wireless operator experienced a virus infection rate spike from .05 percent in late 2007 to 6 percent of users in early 2008. Another wireless carrier now cleans 100,000 infections off networks each day compared to 50,000 just a year ago, according to the report.

"The viruses are very rapidly growing because all the virus has to do is find one user and that handset become the catalyst to then reach and infect hundreds of other mobile devices," explained Coney.

The news comes as mobile devices continue to proliferate in use, and as more users rely on handsets as a workplace communication device.

Worldwide mobile phone sales topped 1.15 billion in 2007, according to research firm IDC, which predicts an estimated 304 million smartphones will be in use by 2011. Gartner analysts have reported that smartphones are expected to outsell laptops this year.

The low-hanging fruit.

The most prevalent virus is the CommWarrior, which is an increasing threat to handsets built on the Symbian platform and has been detected primarily on Nokia Series 60 phones.

The fastest growing virus, however, is Beselo, which doesn't discriminate on devices but is also primarily detected on open source platforms. While not around as long at CommWarrior, Beselo is now growing at four times the rate of CommWarrior, according to the report.

Symbian is a favorite target as open systems are easier to crack over proprietary systems, explained Coney.

"Yet it's not a matter of deficiency for Symbian as much as it is for open systems. It's just the nature of virus writers to exploit where it's easiest," he said.

One thing is for sure as more devices come into play the virus threat will grow in tandem. One reason is that today's platforms offer limited or no inherent security features, according to security experts.

Another is simply the quest by malware writers to wreak vengeance on popular devices, according to Coney.

"You'll start seeing the iPhone targeted as its popularity increases and it draws more virus writers' attention, just like the Windows PC became a target," he explained.

Tough to fight

A big issue in fighting mobile malware is that detection isn't easy. The primary evidence is a big text or messaging bill, and many enterprises don't even review SMS line charges on wireless bills, Coney pointed out.

"Corporate users never even see the bill so they have no idea and companies aren't paying attention except to voice call charges typically," said Coney.

While enterprises can deploy security applications the best strategy is better security on the carrier side, said Coney.

"Mobile carriers need to improve protection within networks to stop viruses from reaching handsets. Not only will it protect their customers it will reduce customer complaints and service issues," he said.

He added that security measures could become a valuable service capability that could lure new subscribers.

For today's carriers wrestling for dominance in a crowded market such a differentiator could prove worthwhile as rate plans and even devices will eventually lose their allure as top reasons to subscribe to a particular service.

Security News Solutions

Comment and Contribute

    (Maximum characters: 1200). You have 1200 characters left.



    Security News| Contact Judy Mottl | Back to top

    Click the Join button below to sign up to our newsletter!