
Mobile malware moves to the Net

By Kirsten Doyle, ITWeb contributor.
Cyprus, 08 Jun 2010

Smartphones are being used more and more to do business, surf the Web, access accounts, and pay for goods and services. This leads not only to an increased number of criminals targeting these devices for illegal gain, but also to strains of mobile malware using the Internet to achieve this.

So says Denis Maslennikov, Mobile Research Group manager and senior analyst at Kaspersky Lab. “Between June 2009 and May 2010, 35% of all detected malware designed for smartphones operated via the Internet.”

Three years ago, he says, mobile malware was capable of spreading via Bluetooth and MMS, sending SMS messages, infecting files and enabling the remote control of the device. “Mobile malware could also modify or replace icons or system applications, install fake fonts and applications, combat anti-virus programs, lock memory cards and steal data.

“Within the past three years, mobile malware has adopted a number of new technologies and techniques. It can spread via removable media such as flash drives; damage the user's data; and disable operating system security mechanisms.”

Maslennikov says it can also establish a connection to the Internet on its own, call paid services, and perform phishing attacks.

“Two other new technologies are proto server-side polymorphism, or malware which uses encrypted server-side components, and malware that downloads other malicious files or an additional payload.”

He cites Worm.WinCE.InfoJack as an example of malware which has Internet functionality. “The worm has downloader functionality, as it tries to download additional malicious modules once the smartphone is connected to the Internet.”

Another example of malware that connects to the Internet and sends periodic SMSes is Sejweek, an SMS Trojan for mobile phones. “It downloads an encrypted XML file, and decrypts it to retrieve a phone number, message body and an interval at which it will send SMS messages.”

Speaking of the iPhone, he says the Net-Worm.IphoneOS.Ike.b is the first commercialised iPhone malware. “It uses an SSH vulnerability on jailbroken iPhones, and changes the SSH password after infection. It then receives shell commands from a Web server, and redirects customers of a Dutch bank to a phishing page. It is also the first mobile botnet discovered.”

Maslennikov says mobile botnets are on the rise, and will have almost the same functionality as regular botnets. “They will be able to send spam, steal vast numbers of passwords, and even possibly launch denial of service attacks via the telephone. Mobile botnets are one more way cyber criminals can make money.”
