A mobile worm that leverages SMS messages and internet access has been detected.
Fortinet has detected the SymbOS/Yxes.A worm, also known as the Sexy View, that targets mobile devices running the third edition of SymbianOS S60. However, the company also claimed that it may run on a wider range of devices, as it has been reported to function on phones operating SymbianOS S60 third edition FP 1.
The worm gathers phone numbers from the infected device's file system and repeatedly attempts to send SMS messages to them. The messages feature a malicious web address, and recipients who click on the address in the received message will download a copy of the worm to their device.
The worm aims to gather intelligence on the infected victim, recording details such as the serial number of the phone and the subscription number, and posts them to a remote server which Fortinet believes is likely to be controlled by cybercriminals.
Fortinet said that whatever the scammers may do with such information is unknown at the current time. Guillaume Lovet, senior manager of Fortinet's Threat Research Team, claimed that because its propagation strategy relies on the worm copy being hosted on a web server, the worm can mutate easily.
He said: “As far as our analysis goes, the worm currently does not take commands from the remote servers it contacts. However, since the copies hosted on the malicious servers are controlled by the cybercriminals, they may update them whenever they want, thereby effectively mutating the worm, adding or removing functionality. We're really at the edge of a mobile botnet here.”
See original article on scmagazineuk.com