Chinese Firm Writes First SMS Worm

Outsmart Malicious Hackers


Ah another first, and once again China is at the forefront! We recently reported about a Chinese company sharing their huge malware database and now a group of Chinese companies has managed to develop the first SMS worm!

It’s a pretty cool concept, abusing the Symbian Express Signing procedure. It reminds me of the heydays of self-propagating e-mail worms when corporate e-mail servers were getting flooded because everyone in the company was sending the same attachment to everyone else in their address book.

Now with the application integration on mobile phones it’s now possible on mobile phones.

Three Chinese companies — XiaMen Jinlonghuatian Technology, ShenZhen ChenGuangWuXian Technology, and XinZhongLi TianJin — created the ‘Sexy Space’ worms or Yxe Worm (Worm:SymbOS/Yxe.D) and submitted to Symbian OS-based phones through the express signing procedure, said F-Secure Security Labs recently.

“The worm is the first text message worm in history,” said Chia Wing Fei, security response senior manager at F-Secure. “Our labs have received few confirmed reports from China and Middle East at the moment.”

The first stage of Symbian’s signing process is done automatically using an antivirus engine, said Chia, adding that once an application has been submitted and scanned, random samples are then submitted for human audit.

So what next? Anti-virus for your mobile phone? Well that already exists (e.g. Kaspersky Mobile Security).

I’m sure the Symbian developers will tighten up the OS and the signing procedure too. It’s an area that is definitely going to get some attention with people starting to do more on their phones (PayPal just came out with an iPhone app for example) and mobile banking has been gaining popularity.

However, most applications are not inspected by humans through the express signing procedure, he noted.

An attacker can therefore put a web link pointing to the worm’s web site into a text message and invite the user to download the worm by clicking the link, Chia said. Once activated, the worm will install itself on the device, and send a similar text messages to all phonebook contacts listed, he added.

“These messages are sent in your name and from your phone. It means you will pay for each SMS sent by the worm. A typical cost for a single text message might be 5 cents. If you have 500 contacts in your phone, an infection would cost you 500 times 5 cents,” Chia noted.

It could cost you some money getting infected, and definitely cause a headache for you and your friends.

No one likes spam right? Especially when it’s serving up some self-replicating malware.

Source: Network World

Posted in: Exploits/Vulnerabilities, Malware

,


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


3 Responses to Chinese Firm Writes First SMS Worm

  1. ruionkoh July 30, 2009 at 11:11 am #

    this is crazy! O.o

  2. d3m4s1@d0v1v0 July 30, 2009 at 12:25 pm #

    wow, it seems that the Symbian OS is having several security problems. In the last months I have seen some very risky problems in this OS.
    If cellphone manufacturers don’t start to pay more atention in security, there will be a lot of malware comming.

  3. c August 5, 2009 at 6:04 pm #

    These SMS messages could be easily blocked at the network operator level. For example, the company I work for produces an anti spam solution for SMS, which the network operator can install on their network to remove fraudulent, spam or viral messages from the network. I guess things like this worm increase the demand for such solutions. Interesting how phones are being exploited though.