Mobile phones: An ear full of worms

They're coming to mobile phones -- those nasty viruses, worms, and Trojan Horses that have, on more than one occasion, crippled PCs. No doubt about that. The question is: Will they be as bad?

Numerous experts believe mobile viruses could be as malicious as their PC predecessors. But some, disturbingly, worry they could be a whole lot worse.

Just consider these two facts: Already today, the planet is populated with substantially more mobile phones than PCs with the gap between the two steadily increasing; and many of these mobile phone customers plan to use their devices as electronic wallets capable of paying for goods and services.

Add to that the fact that mobile phone vendors have opened their once tightly controlled operating platforms to third parties to develop new applications that, in many cases, link to the public Internet.

Now put it all together: millions (and some day billions) of mobile phones with sophisticated banking functions, open interfaces and Internet capability. It's not difficult to understand why hackers, who have honed their skills on PCs over the past decade, are now setting their sights on mobile devices.

"Not fun or fame but money will be the main motive for writing mobile viruses, just as it has become in the PC world," said Andreas Lamm, manager of the German office of Russian antivirus company Kaspersky Labs.

So far, the attacks on mobile phones have been few, around 10, and relatively harmless. They have targeted primarily, but not exclusively, new smart phones that use open platforms such as Microsoft Corp.'s Windows Mobile or the combination of Nokia's Series 60 interface and Symbian's operating system (OS).

Smart phones offer users many functions, such as e-mail with attachments, game downloads or Bluetooth wireless networking, an environment full of potential for viruses, worms and Trojan Horses.

In July, Kaspersky Labs discovered the first-ever worm capable of spreading to mobile phones. Cabir is a proof-of-concept worm that uses the Bluetooth protocol to copy itself onto devices running the Symbian OS up to 30 feet away. It is transmitted as a Symbian installation system (SIS) file and disguised as a security utility called Caribe. When the infected file is launched, the mobile phone's screen displays the word "Caribe" and the worm modifies the Symbian OS so that Cabir is started each time the phone is turned on. An infected phone sends the worm to the first vulnerable phone it finds.

In August, smart phones were attacked by another Trojan horse, Mosquito, which hides in a game by the same name. Once installed, the game causes phones to send text messages via SMS (Short Message Service) to premium rate numbers in several European countries without the user's approval or knowledge.

And in November, mobile phone viruses surfaced once again, with two related Trojan programs. The first, Skulls.A, deactivates all links to Symbian system applications, such as e-mail and calendar, by replacing their menu icons with images of skulls. Users of affected phones can only send or receive calls.

The more recent strain, Skulls.B, includes the Cabir.B worm and, unlike the first version of the Trojan, can spread to other phones within Bluetooth range. Skulls.B is otherwise similar to its predecessor, using Symbian default icons, which look like jigsaw puzzle pieces, instead of skulls to render applications unusable.