NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0363 Symbian Virus-Worm Spreading:
A new virus-worm for Symbian OS smartphones has been detected and is actively spreading
on various mobile phone networks, reports FortiGuard Global Security Research. The worm,
deemed SymbOS/Beselo.A!worm is able to run on several Symbian S60 enabled devices. After
an installation phase, the worm engages in a propagation routine: phone numbers located
in the contact list of the devices are harvested, and targeted by viral MMS carrying a
SIS-packed (Symbian Installation Source) version of the worm. However, the SIS file does
not bear a .sis file extension -- rather, it is disguised as a multimedia file with an
evocative name: Beauty.jpg, Sex.mp3, or Love.rm. Unlike Microsoft Windows, SymbianOS types
files based on their contents and not their extensions, so it is worth noting that
recipients of infected MMS would still be presented with an installation dialogue upon
"clicking" on the attachment. Therefore, users could easily be deceived by the extension
and unknowingly install the malicious piece of software. In addition to harvesting the
numbers stored in the phone address book as mentioned above, the Beselo worm sends itself
to generated numbers as well. Interestingly, all those numbers are located in China and
belong to the same mobile phone operator. Some of those numbers have been verified to belong
to actual customers, rather than being premium service numbers. The why's and how's of
such a routine are still under investigation.
(Cellular-News.com 21JAN08)