Mobile phones: An ear full of worms

They're coming to mobile phones -- those nasty viruses, worms, and Trojan Horses that have, on more than one occasion, crippled PCs. No doubt about that. The question is: Will they be as bad?

Free IT resource Virtualization Insights from Top Experts - Learn how virtualization gets real! Sponsored by Dell Free IT resource TechNet: More ways to know it, share it, and keep it running. Sponsored by Microsoft

Numerous experts believe mobile viruses could be as malicious as their PC predecessors. But some, disturbingly, worry they could be a whole lot worse.

Just consider these two facts: Already today, the planet is populated with substantially more mobile phones than PCs with the gap between the two steadily increasing; and many of these mobile phone customers plan to use their devices as electronic wallets capable of paying for goods and services.

Add to that the fact that mobile phone vendors have opened their once tightly controlled operating platforms to third parties to develop new applications that, in many cases, link to the public Internet.

Now put it all together: millions (and some day billions) of mobile phones with sophisticated banking functions, open interfaces and Internet capability. It's not difficult to understand why hackers, who have honed their skills on PCs over the past decade, are now setting their sights on mobile devices.

"Not fun or fame but money will be the main motive for writing mobile viruses, just as it has become in the PC world," said Andreas Lamm, manager of the German office of Russian antivirus company Kaspersky Labs.

So far, the attacks on mobile phones have been few, around 10, and relatively harmless. They have targeted primarily, but not exclusively, new smart phones that use open platforms such as Microsoft Corp.'s Windows Mobile or the combination of Nokia's Series 60 interface and Symbian's operating system (OS).

Smart phones offer users many functions, such as e-mail with attachments, game downloads or Bluetooth wireless networking, an environment full of potential for viruses, worms and Trojan Horses.

In July, Kaspersky Labs discovered the first-ever worm capable of spreading to mobile phones. Cabir is a proof-of-concept worm that uses the Bluetooth protocol to copy itself onto devices running the Symbian OS up to 30 feet away. It is transmitted as a Symbian installation system (SIS) file and disguised as a security utility called Caribe. When the infected file is launched, the mobile phone's screen displays the word "Caribe" and the worm modifies the Symbian OS so that Cabir is started each time the phone is turned on. An infected phone sends the worm to the first vulnerable phone it finds.