Mobile phones come under attack from worm

News by Dan Raywood

A mobile worm that leverages SMS messages and internet access has been detected.

A mobile worm that leverages SMS messages and internet access has been detected.


Fortinet has detected the SymbOS/Yxes.A worm, also known as the Sexy View, that targets mobile devices running the third edition of SymbianOS S60. However the company also claimed that it may run on a wider range of devices, as it has been reported to function on phones operating SymbianOS S60 third edition FP 1.


The worm gathers phone numbers from the infected device's file system, and repeatedly attempts to send SMS messages to those. The messages feature a malicious web address and upon clicking on the address in the received message, the recipients will download a copy of the worm to their device.


The worm aims to gather intelligence on the infected victim, with details such as the serial number of the phone and subscription number recorded, and posts it to a remote server which Fortinet believes is likely to be controlled by cybercriminals.


Fortinet said that whatever the scammers may do with such information is unknown at the current time. 

Guillaume Lovet, senior manager of Fortinet's Threat Research Team, claimed that due to its propagation strategy that relies on the worm copy being hosted on a web server, the worm can mutate easily.


He said: “As far as our analysis goes, the worm currently does not take commands from the remote servers it contacts. However, since the copies hosted on the malicious servers are controlled by the cybercriminals, they may update them whenever they want, thereby effectively mutating the worm, adding or removing functionality. We're really at the edge of a mobile botnet here."












Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews