Most people think about computers as the vulnerable technology in their life. However, your mobile or smart phone is often overlooked as a possible risk. In some cases, phones may be even more vulnerable since they typically don’t carry the firewall or antivirus programs that many of us utilize on our computers. Additionally, people are more likely to click on links, downloads and attachments from our phone. These can all be clever malware attacks. Attacks can gather personal information, obtain your contact list, and disable messaging and phone services and more. Other attacks can even impact battery life, and create high usage bills. A recent article on research findings in this field highlights some of these attacks:

CommWarrior is a virus family affecting cell phones operating Symbian OS S60 2nd edition. The virus extracts numbers from the contact list of the infected phone, and sends a MMS carrying an infected installation file. This file usually poses as a recreation (game, ringtones, porn & etc) or utilitarian (antivirus, desktop manager & etc) application. The device will be infected once the target executes the application. Currently, CommWarrior is being reported in over 18 different countries around Asia, Europe and North America.

BeSeLo, a virus affecting cell phones operating Symbian OS S60 2nd edition. Unlike Commwarrior, BeSeLo not only extracts numbers from the contact list of the infected phone, but also generates some by itself. It then sends those numbers an MMS carrying an infected installation file.

Spyphone is a Trojan Horse that conducts various spying operations on the infected device (including monitoring incoming calls), on behalf of the individual who sent it to the victim. It does not have an automated infection routine: an attacker has to actively send it to the selected victim, on the form of an installation file. Upon execution of this file, the victim is prompted with the following message: “Install Sysapp? Yes / No”. Selecting “Yes” will lead to the definitive infection.

Cell phone users should be cautious about opening attachments from all sources, even it is appears to be coming from your best friend. Be cautious of file extensions and if it prompts for an application installation, you should be concerned. Always put your mobile phone in Bluetooth disabled mode when not in use, and if you use your cell phone as a wireless modem, be sure to utilize security features that lock down your connection. Don’t download ringtones, applications, games or other software- only use a trusted company such as your phone provider for these products. Explore data encryption methods and additional password protection for the files on your device. Keep checking this blog for more information on cell phone security.

A new scam attempt, aimed at playing on our greatest fears, is making it’s way around cyberspace. ComputerWorld reports that hackers are using this trick to try to get you to download malware onto your computer. They are being so clever, that customize the scam to your location! A email comes to you with headlines such as “Bomb Blast in (your town)” or “At Least 18 Killed (in your city)” and leads to a fake Reuters news service site. Using a familiar ploy, the site then directs you to download the latest version of a flash player so you can see the details. However, instead of a flash player, you get a nice big download of malware.

This reminds us to be suspicious and vigilent. Scam artists are getting very refined in their methods, and some of the attacks are incredibly sophisticated to try to fool you. Don’t let fear keep you from practing the utmost caution when you recieve emails. Always be skeptical of updates to your flash player from third party sites. Go to the website for your player directly to ensure that you have the latest version.

Straight from their alerts page:

added March 4, 2009 at 11:53 am

“US-CERT is aware of public reports of malicious code spreading via popular social networking sites including myspace.com, facebook.com, hi5.com, friendster.com, myyearbook.com, bebo.com, and livejournal.com. The reports indicate that the malware, named Koobface, is spreading through invitations from a user’s contact that include a link to view a video. If the users click on the link in this invitation, they are prompted to update Adobe Flash Player. This update is not a legitimate Adobe Flash Player update, it is malicious code.

Additionally, some of the reports indicate that there are multiple bogus Facebook applications being used to obtain users’ private information.

US-CERT encourages users and administrators to do the following to help mitigate the risks:

• Install antivirus software and keep the virus signature files up to date.
• Do not follow unsolicited links.
• Use caution when downloading and installing applications.
• Obtain software applications and updates directly from the vendor’s website.
• Refer to the Staying Safe on Social Networking Sites document for more information on safe use of social networking sites.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks. “

This is a reminder to us all that while we may trust the websites themselves, the applications available for download or the media shared on these sites are not usually examined for malicious code. Even if you trust the “friend” who sent it to you, that person may not be in control of their own account.

~Rachel James, Intake Specialist