Mobile Malware

TANUJ TYAGI

CONTENTS
Introduction
Types of mobile malware Attacks for mobile malware Prevention

What is Mobile Malware

Mobile malware is malicious software that is specifically built to attack mobile phone or smartphone systems. It allow a malicious user to remotely control the device or to steal personal information stored on the device.

History
The first known mobile virus, "Timofonica", originated in Spain and was identified by antivirus labs in Russia and Finland in June 2000. "Timofonica" sent SMS messages to GSM mobile phones that read (in Spanish) "Information for you: Telefonica is fooling you." These messages were sent through the Internet SMS gate of the MoviStar mobile operator.

Comparison between Phone virus and Pc virus

MOBILE MALWARE PC MALWARE

Mobile device have greater degree of connectivity than PC Mobiles are always switched on Mobile phone users are less security conscious Doesn't have critical harm

Here connectivity of PC will have LAN or dial up connection It cannot be always switched on More conscious about security

harmful

Four Broad Classification of Mobile Malware

Spware
Spyware secretly gathers confidential information about the mobile user and then relays this data to a third party. Spyware that gathers device information such as OS version, product ID, International Mobile Equipment Identitiy (IMEI) number, and International Mobile Subscriber Identity (IMSI) number can be used for future attacks.

 Trojans
This kind of virus is usually inserted into seemingly attractive and non-malicious executable files or applications that are downloaded to the device and executed by the user.

Phishing Apps
Fraudsters are creating mobile phishing sites that may look like a legitimate service but may steal user credentials or worse.

Attack vectors for mobile malware

Bluetooth
SMS, MMS, WIFI Vulnerabilities in the OS Symbian OS For example Symbian Series 6.x devices (Nokia 3650 and Siemens SX-1) is to create a file called INFO.wmlc in the root folder with 67 spaces between the INFO and the .. This causes the mobile to work slowly or even crash.

Harm Caused by Mobile Malware

Causing financial loss to the user Initiate unnecessary calls, send SMS or MMS Send private information (such as contacts or address book information) to a predefined phone Cause the devices to work slowly or to crash Infect files Modify or replace icons or system applications Wipe out information (such as address books) on the infected devices Install bogus applications on the device

Some important and widespread mobile malware

CABIR
Cabir a family of Bluetooth-worms that runs on Symbian mobile phones that support the Series 60 platform. Cabir worm can only reach mobile phones that support Bluetooth, and are in discoverable mode.

PROPAGATION
Cabir replicates over Bluetooth with a file named caribe.sis that contains the worm's main executable caribe.app, system recognizer flo.mdl and resource file caribe.rsc.
The caribe.sis file will not arrive automatically to the target device, so the user needs to answer yes to the transfer question while the infected device is still in range. The question will be repeated to the user if they select no.

COMMWARIOR
Commwarrior family are worms that infect devices running the Symbian S60 2nd Edition operating system. Commwarrior can propagate by over both Bluetooth and Multimedia Message (MMS) networks.
When replicating over MMS, Commwarrior sends out MMS messages containing the infected SIS file. On opening the MMS message, the recipient then becomes infected.

GINGERMASTER
A trojan developed for an Android platform that propagates by installing applications.
It steals information from infected terminals (user ID, number SIM, phone number, IMEI, IMSI, screen resolution and local time)

SKULLS
This virus replaces all phone desktop icons with images of a skull.

Protection and Prevention Mechanisms

Keeping the device in non-discoverable Bluetooth mode
Installing an anti-virus

Exercising caution when installing applications from untrusted sources