First SMS Worm: Made in China

Darknet is reporting that a Chinese firm has developed the first SMS worm. Not to be confused with the recent iPhone OS security hack, this worm targets phones running Symbian. Symbian OS, runs on 46.6% of all mobile phones so this is significantly more of a threat than the iPhone hack (the iPhone holds just under 20% of the market). Also, despite rapidly declining in popularity in the US, Symbian dominates the global market, especially in BOP countries located throughout continental Asia and Africa.

Much like those annoying self-propagating emails from the late 90’s (the one’s that targeted your entire address book) this worm replicates itself by SMSing all your contacts, then all their contacts, then all those contact’s contacts and so on. Worms like this are notoriously hard to stop because there’s it takes the combined effort of everyone targeted to improve security on their end of the chain, otherwise the worm just spreads again.

Three Chinese companies — XiaMen Jinlonghuatian Technology, ShenZhen ChenGuangWuXian Technology, and XinZhongLi TianJin — created the ‘Sexy Space’ worms or Yxe Worm (Worm:SymbOS/Yxe.D) and submitted to Symbian OS-based phones through the express signing procedure, said F-Secure Security Labs recently.

“The worm is the first text message worm in history,” said Chia Wing Fei, security response senior manager at F-Secure. “Our labs have received few confirmed reports from China and Middle East at the moment.”

The first stage of Symbian’s signing process is done automatically using an antivirus engine, said Chia, adding that once an application has been submitted and scanned, random samples are then submitted for human audit.

According to a recent study by SMobile Systems, one in every 63 Symbian powered handset is already infected with some sort of malware.

Sadly, most users of infected phones probably don’t know it. Cell phone malware is often very silent and stealthy, and few users have any sort of security program that would detect such an infection in the first place. Meanwhile, the malware keeps running under the hood — stealing passwords to financial institutions, sending email and SMS messages on the behalf of the user (some text message services can cause the sender of the messages to be billed), or even letting hackers listen in on cell phone calls as they are made.

Will this mark the beginning of Norton Anti-Virus for mobile devices? Possibly but some seem to think not, since (unlike email) there are only a few central network providers who control the flow of SMS traffic in every country (the mobile carriers like AT&T, Orange, MTN etc.)

An employee of an unnamed mobile company offered this statement as a comment on Darknet’s website…

These SMS messages could be easily blocked at the network operator level. For example, the company I work for produces an anti spam solution for SMS, which the network operator can install on their network to remove fraudulent, spam or viral messages from the network. I guess things like this worm increase the demand for such solutions. Interesting how phones are being exploited though.