Mobile Malware – Hype or Threat? – An analysis



I wrote this article in 2006.

You’ve certainly witnessed the ongoing speculation as to whether mobile malware is the type of threat some vendors have been accused of. Malware authors are in a unique position to follow the trend, understand when an approach is mature enough to start thinking about how to roll back, and then suddenly switch their techniques completely – resulting in weekly media articles touting P2P, IM, email and, yes, Skype as the “next big thing” on the malware scene.

It’s all cyclical, and it’s not rocket science that requires a reverse engineer to explain it and amaze you with advanced assembly experience.

There is an incentive for malware authors to code mobile malware, namely the commercialization of mobile malware itself, which happened in mid-2006 with the release of RedBrowser. This was among the main points I made in my “Malware – future trends” research, which I published in early 2006. As always, the ugliest things come out the easiest.

The very nature of a cell phone’s voting and purchasing power could literally capture your imagination about the possible misuse.

Why would an end user start asking a cell phone carrier representative about the availability of mobile antivirus scanners? Because he or she would have become a victim of the viral art of marketing.

The most important points of the branch:

– more people own mobile phones than PCs – which doesn’t mean they are all smartphones running Symbian or Windows Mobile

– 300+ generic detected malware samples, reminiscent of the concept of a malware family in the PC malware world. These are all the Cabir family spreading the internet to write code and have assignments from script kiddies fueling the FUD while watching Takedown and inspiring themselves to eavesdrop on someone’s mobile communications while they “commute” in the park.

The reality

– Antivirus vendors suffer from marketing myopia: they just fell in love with their products, and we all know it’s hard to become as pragmatic as you used to be once you’ve fallen in love – sweet pain

– The majority of known mobile malware comes from a publicly available Cabir Proof of Concept (PoC) code that represents the proliferation routine it contains. The current threat is nothing more than a family of mobile malware, and there is no such thing as a perfect family

– Malware writers are too busy to efficiently play cat-and-mouse games and reach the soon to be 1 billion global internet population.

– The end user MUST confirm the unknown Bluetooth connection (if in discoverable mode), and must confirm the execution of the executable from an unknown source

– With Symbian and Windows Mobile dominating the mobile operating system space, a vulnerability in the systems is critical

– Antivirus signatures are fundamentally reactive security protection

I once argued the myth that antivirus vendors split every malware pattern they encounter between the “usefulness” of virus signatures in today’s open-source malware and malware-on-demand worlds

How can you protect yourself?

– Understand the basics of mobile malware

– Do not install applications from untrustworthy sources on the go

Do you need a personal virus scanner for your mobile phone? No, you don’t, but mobile operators need them at the gateway level. The rest is just your mobile operator differentiating its offering, positioning itself as aware and continuing to drive growth in the market. Whether the revenue is spent on more R&D on mobile malware or on market development with other products is the responsibility of the providers themselves.

It’s your network operator that should be responsible for limiting the spread of potential epidemics, and charging a dollar for a minor modification to Cabir’s PoC distribution module brings us back to the same old problem with open-source malware or malware on demand, and the usefulness of antivirus signatures and the timeliness of updates. My point: the responsibility for handling the common and family mobile malware we see today should rest with my wireless service provider, not with me, the one who gets infected and spreads the disease even more.

The average cell phone user would appreciate a vendor’s brand even more if they were told about the enormous dangers posed by cell phone malware – from a marketing perspective, they would even spread the word and try to draw others’ attention to themselves as the more tech-savvy guy with a fancy AV scanner on his couple hundred.

However, targeted attacks have enormous potential, while mass mailing of mobile malware would result in the mobile operator directly blocking it and merely telling the end user to take responsibility. All you need is one widespread mobile malware distribution attempt, and then witness your operator use their proprietary rights to shock and impress you with their expertise.

Smart investments aren’t always the ones that seem the most proactive, but rather the ones that capitalize on the momentum.

Remember that the best marketers not only profitably respond to consumer needs, they also create new markets. It’s the unspoken rule of the game.

What’s next? Antivirus software for your gaming device and music player and for your IPv6 compatible fridge? Sure, but in the very, very long term. Meanwhile, be aware, don’t panic, and try to only base your concerns on objective and unbiased sources.

Stay tuned!

*** This is a syndicated blog from Security Bloggers Network Dancho Danchev’s Blog – Information Security Knowledge Streams written by Dancho Danchev. Read the original post at:

