Windows Mobile Terdial Trojan makes expensive phone calls

April 12, 2010 by admin  
Filed under Security News

Some players of a mobile phone game called “3D Anti-terrorist action” are reporting an unexpected feature of the game – expensive international phone calls appearing on their bill.

 

A number of owners of Windows Mobile phones are reporting online that their cellphones have been making pricey calls, without their permission, to numbers in a variety of destinations including the Dominican Republic, Somalia and Sao Tome and Principe.

 

What the victims all appear to have in common is that they installed the same game to their Windows Mobile phone.

 

It appears that a Russian-speaking hacker has taken the game “3D Anti-terrorist action”, embedded a Trojan horse inside it, and uploaded it to Windows Mobile download sites on the web. Presumably the hacker is hoping to skim some money from the expensive premium rate phone calls.

 


It’s important to remember that malware for mobile devices is still quite rare, particularly when compared to infections on conventional Windows computers. But what may surprise some is that there is nothing particularly revolutionary about criminals attempting to make money out of mobile malware.

 

For instance, back in 2004 we saw the Mosqit Trojan that could infect Nokia phones running Symbian, forcing affected devices to send text messages to premium rate numbers. Like this latest report, the hackers hid their Trojan inside a cracked version of a mobile phone game.

 

Sophos detects the malware as Troj/Terdial-A, and advises all mobile phone users to exercise caution when downloading and installing new applications.

 

 

By Graham Cluley, Sophos

 



Related Blogs

    Surveillance rootkits on smartphones

    February 24, 2010 by admin  
    Filed under Security News

    Liviu Iftode and Vinod Ganapathy, two researchers at Rutgers University, have revealed some experiments they have been conducting, showing how rootkits could be used to take control of smartphones.

     

    The scientists have shown that a malicious attacker could cause a smartphone to “eavesdrop on a meeting, track its owner’s travels, or rapidly drain its battery to render the phone useless”.

     

    Watch the following YouTube video to learn more:

     

     

    It’s a cute little video, but how realistic is this threat in reality?

     

    I don’t think the kind of attack described by Iftode and Ganapathy is a big deal right now.

     

    Yes, it is possible to change or put software onto a smartphone (by, for instance, installing a rootkit) so that the mobile device then performs malicious functions. For instance, code that enables covert remote surveillance, battery drainage or silently steals data.

     

    Of course, this relies upon the smartphone allowing you to make changes to its low-level software. Popular smartphones like the Apple iPhone lock down that kind of meddling to a great extent.

     

    So, the key thing to remember is that the bad guys have to somehow get the malicious rootkit onto your phone in the first place.

     

    How are they going to do that?

     

    They would either need to have physical access to your smartphone, exploit an unpatched security vulnerability or use a social engineering attack to trick you into installing malicious code. Even if they went down the “trick” route they would be relying upon the phone’s OS to allow you to install unapproved apps (iPhones, for instance, are strictly controlled by their Cupertino-based overlords, allowing users to only install code that has been approved and checked by the AppStore).

     

    So it doesn’t sound like what Iftode and Ganapathy are describing is actually any different from the rootkits that infect traditional desktop computers. The main difference is that there are probably fewer opportunities to infect a mobile phone (and thus it is much harder) than, say, a computer running Windows.

     

    Furthermore, I would argue that the typical mobile phone user is still typically less used to installing applications than their Windows counterparts, and so the chances of success via fooling the user into installing a dangerous application can be assumed to be even lower.

     

    Iftode and Ganapathy have not demonstrated any revolutionary new way of getting round the biggest hurdle for those wanting to spy on smartphones: how are they going to get the malware onto the phone?

     

    If I really wanted to snoop on someone’s phone I think it would probably be easier to swap my victim’s mobile phone for an identical (but bugged) device rather than go to all this effort with no promise of success.

     


    Sure, the mobile phone malware threat is growing – but it’s a tiny raindrop in a thunderstorm compared to regular attacks that strike Windows computers. Slowly but slowly it’s becoming more serious (the recent discovery of financially-motivated malware that targets jailbroken iPhones is proof of that), and undoubtedly we will begin to see more users running anti-virus security on their phones in the years to come.

     

    However, if I was responsible for securing my company’s mobile phones I would be much more worried about the real security threat of staff losing their phones in taxis or on the train, rather than the theoretical risk of surveillance rootkits.

     

    It’s a nice video and presentation that Iftode and Ganapathy made, but I won’t be losing any sleep over it just yet.

     

    More information on the topic of smartphone rootkits can be found in the paper Iftode and Ganapathy have produced: “Rootkits on Smart Phones: Attacks, implications and opportunities” [PDF]

     

    By Graham Cluley, Sophos

     

    ESET released Free ESET Mobile Antivirus for Symbian OS

    October 14, 2009 by admin  
    Filed under Protection Tools

    ESET s.r.o, the company behind the multiple award-winning NOD32 Antivirus, has already released many antivirus products that run on multiple platforms like Windows, BSD, Linux and Windows Mobile itself. Here is good news for those owning a Symbian OS phone: ESET has now officially built and is openly testing new antivirus software for Symbian mobile phones, more commonly referred to by the public as S60 platform smartphones.


    ESET Mobile Antivirus for Symbian OS is ESET’s solution to protect against a variety of threats for Symbian OS-powered smartphones. It is derived from ESET’s NOD32 Antivirus engine, which is available on Windows Mobile, BSD, Linux and Windows platforms. ESET Mobile Antivirus contains the following features:


    • Activation – performed online via graphic user interface
    • Archive Scanning – variable in-depth scanning of archives
    • Heuristics – pioneering proactive protection for mobile platforms
    • Logs and Statistics – provides information about scanning tasks and virus signature database status as well as a report on scanning history
    • On-Access Scanning – scans newly-created and opened files; scanning of files received via Bluetooth, IR and Wi-Fi
    • On-Demand Scanning – scans running processes and storage (including specific subfolders); standardized logs
    • Quarantine – infected objects can be deleted or moved to a quarantine folder; once in quarantine, objects can be deleted or restored
    • Updates – updates can be performed automatically on a daily (default), weekly or monthly schedule, or performed manually by the user on an on-demand basis
    • User Interface – friendly, easy-to-use user interface

    ESET’s Mobile Antivirus is compatible with Symbian S60 3rd Edition, both Feature Pack 1 and Feature Pack 2, and on smartphones powered by Symbian S60 5th Edition. It requires 1MB of free memory to run on a Symbian OS-powered handset.



    This release is the first ever release on ESET’s part. ESET Mobile Antivirus is still in the beta-testing stage, just to inform all readers out there.


    Download the free ESET Mobile Antivirus for Symbian OS by clicking this download link.

     

    For instructions on how to use the Mobile Antivirus on the OS, you can download the user manual in PDF format.

     

    Source: http://softgeeek.blogspot.com