NEWS FROM THE LAB - Monday, November 14, 2005

More than 100 known mobile malware variants Posted by Jarno @ 13:24 GMT

Last week, we breached the mental barrier of 100 known variants of mobile malware. From a technical point of view, it doesn't really matter whether there are slightly fewer or more than 100 known variants, but 100 is a figure that makes quite a few people stop and think. So this might be a good time for a short summary of what we have seen so far.


Looking at the graph that shows the total number of known variants over time, one can see that most of the variants have been discovered during 2005 and that the rate of discovery has been rather constant.

The current total count of mobile malware is 103 known variants, the latest one being Skulls.U. Exactly 98 of the known variants are for Symbian Series 60 devices, of which 75 were stopped by generic detection in F-Secure Mobile Anti-Virus, which means that the Anti-Virus was already able to stop the malware before we got the first sample.

The largest malware family is Cabir, with 27 variants, followed by Skulls, which has 21 variants.

All in all, the situation in mobile malware bears a strong resemblance to the early days of PC malware.
All of the currently known malware cases were created by hobbyists and amateurs; no signs of profit-motivated malware or other organized crime have been seen yet.

Most of the currently known cases are technically rather primitive, but the latest cases have shown an increasing level of sophistication.

Also, most of the currently known cases are variants of some existing malware family, not something that would require a new family name. This means that there is a small group of malware authors who create something new and a large group who take existing samples and modify them to create new variants.

So far, most of the known cases have not caused large-scale outbreaks, but Cabir and Commwarrior have spread globally and have caused significant local outbreaks. To our knowledge, there have already been tens of thousands of mobile phone infections worldwide.

As of now, there are four ways of getting infected with a mobile phone virus:
 1) Via Bluetooth
 2) Via MMS
 3) Via web download (either from the phone or via a PC)
 4) Via memory cards

The only case where malware can infect the device without user acceptance is via memory cards, for example with Commwarrior.C. But as people don't swap cards very often, this infection vector is rather limited.

In conclusion, the situation in mobile malware is not yet too serious, but has been getting steadily worse.

The best protection against mobile malware is user education and Anti-Virus software on end-user devices. Also, the telecom operators who have taken an active stance in preventing and limiting local outbreaks have helped to keep the situation calm.