×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

First Symbian OS virus to replicate over MMS

CmdrTaco posted more than 9 years ago | from the only-a-matter-of-time dept.

Worms 179

Shachaf writes "A new virus, CommWarrior.a, is the first to replicate over MMS (Multimedia Message Service). From the article: 'Multimedia Message Service (MMS) is a more advanced version of the Short Message Service (SMS) familiar to users of GSM based handsets around the world, and allows rich content such as pictures, sounds, video, and applications to be sent as well as text.', and '"With MMS messages typically costing between $0.25 and $1.00 CommWarrior could prove expensive to anyone unlucky enough to be infected by it. As the virus runs silently in the background it could be quite some time before the user becomes aware of the potentially hundreds of MMS messages that have been sent," said Aaron Davidson, CEO of SimWorks.'"

Sorry! There are no comments related to the filter you selected.

That sucks, yeah, but look at the bright side! (1)

Cooler1011 (829888) | more than 9 years ago | (#11879281)

At least it costs you money!

Re:That sucks, yeah, but look at the bright side! (2, Insightful)

cayenne8 (626475) | more than 9 years ago | (#11879655)

Can someone clue me in as to what this SMS and messaging is all for?? If you have a phone...why send text messages over it? It's a phone...call and talk to them....??

Re:That sucks, yeah, but look at the bright side! (1)

British (51765) | more than 9 years ago | (#11879846)

I'm really curious why anyone would want to send applications to someone else's phone.

I can understand pictures, sure. I can understand sound, er. okay, we have voicemail for that. I simply cannot comprehend sending someone an application. A program, something executable. It is pure overkill. Why not just refer him/her to where you got the app from? That will centralize things a bit.

Applications are the new scapegoat for "things you can send to friends". Don't want to do it in email, now you don't want to do it on your phone. Viruses have ruined the fun for everyone.

Actually, it may be a good thing. (2, Interesting)

WindBourne (631190) | more than 9 years ago | (#11879987)

All too often, a virus costs somebody time. They are willing to accept it as just a lost of that. Instead, society needs to start accepting that all virus represent lost money. Once they do that, they will start looking for alternatives to where 99.999 % of the virus occur at.

In other news, would you like to see.. (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11879283)

Natalie Portman naked! Just open this message...

First Mod! (0)

Anonymous Coward | more than 9 years ago | (#11879304)

You guys were so slow! I was about to do FP myself and mod myself out of existance.

First AV As well... (3, Informative)

RobertTaylor (444958) | more than 9 years ago | (#11879289)

The first virus... but lucky there is already anti virus software [simworks.biz] out there for your p910 :)

Re:First AV As well... (2, Interesting)

tabkey12 (851759) | more than 9 years ago | (#11879328)

Please no...

Why is Symbian so insecure - surely an embedded OS is not difficult to harden? It is not as if the phone will be running lots of insecure services by default.

Another reason to stick with my simple phone!

Re:First AV As well... (1)

m50d (797211) | more than 9 years ago | (#11879572)

This isn't really their insecurity, it's the ages-old "dumb user opens executables from random stranges" problem. There's not much you can do at the OS level to stop that, at least without impeding functionality (people want to be able to send games to each other)

Re:First AV As well... (1)

ThosLives (686517) | more than 9 years ago | (#11879820)

I think the point the GP was making was "why does a phone have the capability to EXECUTE APPLICATION CODE instead of just being a phone!?!?!"

(at least, that's my response to this whole debacle...)

Re:First AV As well... (1)

Mojojojo Monkey Inc. (174471) | more than 9 years ago | (#11879906)

Although like usual, it's not the "dumb user opens executables from random strangers" problem, but the "dumb user opens executables from trusted friend" problem. From the old days of infected-floppy-sharing to modern viruses that pull email addresses from users' address books, this goes after the type of people who think "I'm curious what Uncle Fred is trying to send me, so I'll just click "OK" repeatedly to open it!"

Re:First AV As well... (1)

natrius (642724) | more than 9 years ago | (#11879935)

It is not as if the phone will be running lots of insecure services by default.

Uh... all communication coming into the phone requires a service to receive it. Bluetooth, MMS, and the calls themselves all need something to receive them. A communications device is going to be insecure by nature unless great effort is taken to secure it. The reason this hasn't been a problem until now is because people couldn't remotely control or transfer data (other than plain text and the calls themselves) to and from their phones like they can now. Every new remote feature brings the possibility of a remote vulnerability. With great power comes great responsibility... or something like that.

Re:First AV As well... (0)

Anonymous Coward | more than 9 years ago | (#11879361)

I'd like to hear about actual users reporting that they've been affected.

Last time this company made an announcement, it was a "virus" that spread by bluetooth, only if the user accepted to download it.

Wow! (4, Insightful)

FreeLinux (555387) | more than 9 years ago | (#11879364)

What a remarkable "coincidence".

I never put any credence into the ativirus companies writing viruses conspiracy theories but, that one's just too fishy.

Re:Wow! (1)

oGMo (379) | more than 9 years ago | (#11879523)

Eh, look at it this way, does Microsoft write viruses? After all, it's really suspicious that you hear about vulnerabilities and there are already viruses that take advantage!

Well, not really. It's just there are a lot of people in the world; some of them strike quickly to write viruses, some of them strike quickly to write antivirus software.

Re:First AV As well... (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11879397)

'Silencing Sgrena, gangland-style'

Monday, March 07 , 2005

Sgrena had the goods on them, the whole bloody litany of crimes perpetrated by the swaggering Texas psychopath and his Pentagon goons. Her interviews with Falluja's refugees put her in a position to spill the beans on Bush's murderous farce and splatter the headlines across Europe with the real picture of what is going on inside Iraq.

"I wanted to tell about the bloodbath in Falluja through the refugees tales....I had in front of me the EVIDENCE of what Iraqi society had become with the war," she announced in her confession My Truth ("La mia verita")

Of course she did...so she had to die. Others have died for much less. According to Eason Jordan, veteran news chief who was axed for telling the truth of what most suspected anyway; that Rumsfeld was intentionally targeting journalists in a maniacal effort to control the flow of information coming out of Iraq. Eason predictably recanted and threw himself on his sword, but the evidence is clear; the bombings of Al Jazeera (twice) and Al Arabiyya TV, as well as the unprovoked attack on the press facility in Baghdad (the Palestine Hotel) that killed a Spanish journalist, were all premeditated. No junior officer ordered an Abrams tank to lob shells into the media's hotel. That order came from the very top rungs of the War Dept.



The choice to fire 300 rounds into the vehicle carrying an Italian journalist to safety was not ordered by a junior-grade officer either.

When Sgrena was transported to the Baghdad airport everyone along the way was notified. In case you're wondering, no one simply travels the road to the airport without all points being alerted to their movements. It's the most hazardous stretch of ground on earth and no one passes without proper clearance. This means that the Pentagon's storyline is pure fiction, as time will certainly tell. They weren't overtaken by a speeding vehicle; it was a trap. The car was a mere 700 meters from the airport when Marines started pumping it full of lead in a gangland-style hit. Miraculously, Sgrena survived with only minor injuries.

"Nicola Calipari dove on top of me to protect me," Sgrena said, "and immediately, I felt his last breath as he died on me...I had a sudden thought: I recalled my abductors words. They said they were committed to releasing me, but that I had to be careful because' the Americans don't want you to return'."

How strange that "insurgents" would have to warn an Italian correspondent that the real danger she faced was the American army. She hadn't realized to what extent she had put herself at risk by uncovering the truth.

And what was this "truth" that Sgrena would be publishing on her return to Europe? Would it be further confirmation that the United States had used mustard gas, nerve gas and other incendiary chemicals during their assault on Falluja as Iraq's Health Ministry has already claimed? Would she verify the reports of cluster-bombs and "melted bodies found in the city, where dogs, birds, plants and all forms of life were destroyed?" Would she prove that large areas in Falluja have been excavated; (and dumped in the dessert) removing the remnants of toxic weapons that saturated the soil?

How far would Bush's polling numbers plummet if the American people discovered that the sadistic Rumsfeld was using banned weapons on civilians?

How much easier just to kill the "Leftist" reporter and let the media-apologists patch together the excuses. After all, the legions of Gannon prototypes are already pecking-away at their keyboards whipping up tomorrow's explanations. Obfuscating the truth is the only craft at which they truly excel.

More Whitewash

The cover-up is already in full swing with the media providing the standard smokescreen to conceal the inconvenient details. Bush has promised a thorough investigation, which means that he may convene another "hand-picked" panel of administration loyalists to bury the facts under reams of bureaucratic mumbo-jumbo.

But, it doesn't look like this story is going away any time soon. The furor in Italy could have broad implications and, perhaps, bring down Berlusconi. It's no longer safe to be friends with George Bush. The public rage increases with each new act of treachery and we can only wonder when the laws of critical mass will come into play and when the cumulative weight of five years crime and cruelty will tip the scales and bring the whole wretched edifice down in a heap.

Why are people still using Symbian (0)

Anonymous Coward | more than 9 years ago | (#11879293)

Cars getting infected, cell phones via bluetooth now this.

Re:Why are people still using Symbian (1)

emidln (806452) | more than 9 years ago | (#11879630)

It is very close to impossible to infect a car via a virus like this. In fact, it would be very unlikely to break into a car through a virus in the first place. To communicate with anything vital you're going to have to find something vunerable that has bluetooth or some other means of communication that is also hooked into a CAN bus. Then you have to hope the vulnerability allows you to transmit arbitrary messages over the CAN bus. Then you have to craft the CAN frames in just the right way to exploit a theoretical hole in the CAN implementation. This just might get you access to an ECU that can communicate with the WCM (in Chrysler's case) or another security unit on the vehicle. If you're really lucky, you'll have broken an ECU that is either critical (very difficult to even communicate with) or find an exploit in an ECU that normaly communicates with a critical ECU.

All of this is highly, highly theoretical and unlikely. Especially since most ECUs don't have a generalized CAN software stack, only specifically coded transmit functionality for their specific messages. Of course, if you could port something like NeoVI or CANoe to the symbian and get a CAN card and plug in that way...you might have slightly higher chances. At least the chance of a D.o.S.

Anyway, please stop perpetuating this retarded myth of anything remotely valuable in a car's network being infected by a virus.

Re:Why are people still using Symbian (1)

emidln (806452) | more than 9 years ago | (#11879687)

Of course, if you could port something like NeoVI or CANoe to the symbian and get a CAN card and plug in that way...you might have slightly higher chances. At least the chance of a D.o.S.

Actually, on second thought, that is slightly less likely. How many users would take apart their car, buy a CAN card (around $1000 US), find drivers for their symbian, in fact find a CAN card that works with a PDA, get a company to port their diagnostic software to the PDA, construct or buy a CAN cable (only 4 wires, not too difficult if you have a crimping tool), construct a CAN break-out box, connect the break-out box to the car, make sure all the cabling is right? All of this on the request of a program they didn't even know they had?

Only extreme geeks would do so, if only because of the pain in the ass of following directions. I don't doubt the users are stupid enough, I doubt they are motivated enough.

Who developed it? (1)

Quasar1999 (520073) | more than 9 years ago | (#11879295)

I'm willing to bet that wireless telco's created it to increase revenues... ;)

Re:Who developed it? (1)

Cooler1011 (829888) | more than 9 years ago | (#11879348)

Holy crap! Wireless tacos, you say? Brilliant! BRILLIANT!

Conspiracy Theories.. (1)

PopeAlien (164869) | more than 9 years ago | (#11879381)

Too much tinfoil can cause interference with your cell-phone reception..

besides, it couldnt be the phone companies thats to direct. its obviously the anti-virus companies..

They're in it with the martians.

Re:Conspiracy Theories.. (0)

Anonymous Coward | more than 9 years ago | (#11879559)

Hmmm. I heard that tinfoil actually enhances interplanetary communication.

Re:Who developed it? (1)

PhreakOfTime (588141) | more than 9 years ago | (#11879535)

Why bother with a virus when they already spam you with ads? I had a rather unpleasant experience with verizon not too long ago

I started recieving text messages to upgrade my service to another plan, almost on a daily basis. After awhile I responded to one of them stating that the attorney general of my state would be notified if any more unsolicited messages arrived. Within 10 seconds of sending the reply, my phone rang. It was verizon telling me that in my agreement was a clause allowing them to send 'account-related mesasges' and that I would have to opt-out of it. After ranting for awhile about the fact that I was actually being charged .10 for these texts, I made sure to get a credit on my bill for the messages. The guy sounded a bit taken back that I would ask for a refund of around a buck. However, the whole time I was getting more and more upset with the realization that when you have millions of customers, that can add up quickly. And since Id say only 10-20% would complain about it, thats still a healthy bottom line...

Re:Who developed it? (1)

Xoder (664531) | more than 9 years ago | (#11879686)

That's weird. All of T-Mobile's messages to me are free. And I get about two ads from them a year. (It may be because the voicemail notifications are over txt, I dunno).

Well (3, Funny)

Anonymous Coward | more than 9 years ago | (#11879297)

It's a good thing I have no friends then.

fp! (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11879301)

pf!

another good reason to have a simple cellphone (5, Insightful)

Anonymous Coward | more than 9 years ago | (#11879302)

All of my coworkers laugh at me for using such a simple phone with only basic features and services. Guess there are some benefits afterall.

Re:another good reason to have a simple cellphone (2, Funny)

Anonymous Coward | more than 9 years ago | (#11879605)

Actually, we laugh at you for OTHER reasons, but if you want to believe it's your crappy phone, go ahead.

Re:another good reason to have a simple cellphone (2, Insightful)

dapsie (866052) | more than 9 years ago | (#11879751)

You do realize that you have to accept the file and confirm that you wish to install the application? It doesn't spread without actually being installed. The same with the BlueTooth "viruses", first you have to accept the Bluetooth connection - then you have to accept to install the file that was sent to you. No different than eMail viruses nowadays, if you get one - you're an idiot, sorry :p

Re:another good reason to have a simple cellphone (3, Insightful)

gl4ss (559668) | more than 9 years ago | (#11879769)

1: you can keep the mms settings off - there by being immune from this.
2: you need go through the installing of the application yourself.
3: when installing it warns you that it is not signed and potentially unsafe.
4: you could get one of the antivirus solutions which mostly are snakeoil(because if you are smart enough to install one.. wouldn't you be smart enough to NOT click through the install?).

the way this is most probable to spread is by intentional spreding by some kids, like other symbian 'viruses'(they're all programs that you have to click through the install by yourself) it's almost impossible to bump into this by total accident in the wild.

what's to note is that these symbian phones are open in the same sense a pc is - ANYONE can develope anything they want for them(and they're STILL more secure than a pc with the modem plugged to the wall). including you! if you're a nerd you should appreciate that possibility, if you're not wtf you're doing on slashdot anyways?

Liability (4, Insightful)

Thnikkaman (818752) | more than 9 years ago | (#11879311)

I wonder if this falls under the protection of the service provider. It seems to me that they shouldn't be able to charge the user for a vulnerability on their part, but what companies should do and what they actually do are very different things.

Re:Liability (2, Insightful)

hikerhat (678157) | more than 9 years ago | (#11879454)

I was thinking the same thing. It should be like a credit card, where you aren't liable for more than $50 or so of fraudulant charges if you card is stolen.

But my cell phone is about 5 years old now, so I don't have to worry about these things.

Symbian (1)

ickleberry (864871) | more than 9 years ago | (#11879315)

I used to have a symbian phone, I must say I like the OS. But this virus extorting money from people with symbian phones & giving it to the likes of vodafone is just evil. I bet the guy who wrote it works for & supports the operators. Probably some 21 year old conservative stuck up guy named Rupert who gets beat up a lot. Are there any virusses for M$ Dumbphone 2004 OS phones?

It's a bit offtopic, but.. (2, Interesting)

lordsilence (682367) | more than 9 years ago | (#11879317)

I'd like to know why those MMS and SMS are priced the way they are?
Why wont anyone allow a flat-rate service? I mean.. it's data, but Im sure the cost of building the cellular networks should be paid off by now (excluding 3G).. at least here in sweden. (dont know how it's worldwide)

Re:It's a bit offtopic, but.. (4, Insightful)

hsmith (818216) | more than 9 years ago | (#11879358)

Why? Because it is PURE profit right now, if everyone is charging the same, they all can milk users while they can. One day it will be competitive, right now they all "agree" to keep prices high to rip off users. Do you really think SMS messages cost the $.20 they do to send? of course not. $.01 would be expensive still.

Re:It's a bit offtopic, but.. (1)

ickleberry (864871) | more than 9 years ago | (#11879449)

A decentralised phone network would be nice, where people just run their own .8 to 2 watt bases and share their DSL-Bases. where if someone else uses your base you get "points" which can eventually be turned into money. It must be completely decentralised and encrypted so there is no big company on top getting fat from it. That should end the rip-off

Re:It's a bit offtopic, but.. (0)

Anonymous Coward | more than 9 years ago | (#11879831)

But then all the radiation from the numerous base stations would not be healthy.

Re:It's a bit offtopic, but.. (2, Insightful)

Turn-X Alphonse (789240) | more than 9 years ago | (#11879498)

the current price is what 12 year old girls find acceptable... they are happy to pay it so why reduce profits?

Re:It's a bit offtopic, but.. (1)

Cooler1011 (829888) | more than 9 years ago | (#11879634)

Ah yes, the ignorant masses ruin everything for us smart folk once again.

Re:It's a bit offtopic, but.. (1)

Humorously_Inept (777630) | more than 9 years ago | (#11879648)

MMS is priced the same way data is on most packages: by the KB. You can buy data packages and be covered by a flat rate up until you exceed your package's quota. SMS messages are charged a flat rate per message (they are not packet data, but they can be on some modern networks depending on your phone and what else you're doing on the phone at the time -- in this case you'd pay per KB), or similarly you can buy a package of messages and be covered until you exceed your quota.

It's the same for long distance telephone calls, internet hosting services, your car's warranty, what have you, yatta and etc. This is not a new business model.

T-Mobile offers unlimited data/SMS (1)

supersat (639745) | more than 9 years ago | (#11879922)

T-Mobile offers unlimited data and SMS on their Sidekick plan. I'm pretty sure they offer unlimited SMS to encourage people to use it instead of email/IM, which take up more air time/bandwidth. As an added plus, the Sidekick stores SMS messages on your SIM, so they can't be retrieved should someone discover your password. ;)

LOL (-1, Redundant)

Anonymous Coward | more than 9 years ago | (#11879318)

That's what happens when you load everything but the kitchen sink into a phone.

Here's an old school idea that doesn't get viruses and doesn't cost nearly as much. Use a phone, cell or otherwise, as a phone and nothing else. If you use the cell phone for messaging and picture taking and the IP phone for checking inventory(Cisco), all the while ignoring the quality of the phone calls then you can expect to have trouble.

Yea, mod me down. Whatever.

Re:LOL (2, Funny)

WormholeFiend (674934) | more than 9 years ago | (#11879391)

Here's an old school idea that doesn't get viruses and doesn't cost nearly as much.

Ha! When I was your age, "old school" meant using a rotary dial, pulse landline.

Re:LOL (0)

Anonymous Coward | more than 9 years ago | (#11879565)

"Ha! When I was your age, "old school" meant using a rotary dial, pulse landline"

whippersnapper! Back in my day we used smoke signals and drums. And thats how we liked it. /now git off my lawn!

Re:LOL (1)

DevolvingSpud (774770) | more than 9 years ago | (#11879585)

Luxury.

We had a telegraph, and it suited us just fine (spits).

Of course, every now and then a herd o' buffalo would knock down a pole, and we'd have to go ridin' out there to fix it in a blizzard. But, then, I guess you youngsters are used to havin' it easy.

(Eagerly awaits even-more-outlandish response)

Re:LOL (0)

Anonymous Coward | more than 9 years ago | (#11879694)

Well at least with a pulse line, and with them fancy acoustic modems, we could connect to teh local BBS.

Try doing that with your telegraph.

cost of text/data messaging... (0)

Anonymous Coward | more than 9 years ago | (#11879326)

Cell phone carriers should have some way of distinguishing from messages that are the result of virii/spam and not charge the affected cell customers for those activities. If they don't, I see hordes of cell phone customers suing carriers chanting "Can you hear us now???"

they deserve it (0)

Anonymous Coward | more than 9 years ago | (#11879335)

i mean, like, these dumb kids who spend
2$ for a simple 150x100 pr0n pic..

i want to get rich that way, too.

Carriers... (1)

.silG.00 (683700) | more than 9 years ago | (#11879336)

I guess the Cellular companies are happy... especially here in mexico where cell calls/services are overpriced :/

Eh.. (3, Interesting)

Eric(b0mb)Dennis (629047) | more than 9 years ago | (#11879338)

So, the question is...

Are the customers reponsible for all the charges incurred from this virus? Being that it probably uses a flaw in the phone's OS itself.. how is this going to work?

Nobody is going to want fancy new fangled smart-phones if they get infected with viruses and run up your phone bill monthly..

Re:Eh.. (4, Insightful)

plover (150551) | more than 9 years ago | (#11879378)

If I had a phone like this and it was infected, and it ran up a huge bill, I'd first talk to my service provider. If they refused to waive the charges, I'd then talk to the cell phone manufacturer.

Seems like the cell providers could kill this quickly. Can't they recognize the virus signature in the messages that are transmitted? And can't they trace them back through the links to find out where it originated? Are there really holes that big allowing people to upload crap like this anonymously?

Re:Eh.. (1)

WormholeFiend (674934) | more than 9 years ago | (#11879437)

Are there really holes that big allowing people to upload crap like this anonymously?

Though I haven't checked lately, my cell provider's webpage had an interface to send text messaging to cellphone subscribers...

So if you took your war-messaging script to a cybercafe, you'd have some measure of anonymity...

Re:Eh.. (1)

plover (150551) | more than 9 years ago | (#11879561)

Good point. My understanding is this is an MMS virus, though. Can you inject an MMS anonymously via the web, too? Given the price they charge for the damn things, I'd sure hate to be spammed by web-generated MMSes.

Re:Eh.. (1)

Cooler1011 (829888) | more than 9 years ago | (#11879669)

If they charged you for that, than it wouldn't be fair. Its not your fault there are gaping holes in the security of the OS they're using.

If the virus sends a relatively uniform... (4, Interesting)

HaloZero (610207) | more than 9 years ago | (#11879344)

...message, on an already well known-format, shouldn't it be possible for service providers to block the messages through the MMS MX handlers? And/or simply not bill the customer for the sum of messages sent with that format. Of course, isolate them from the network if possible (remove their permission to emit MMS messages at the MX) until the malware can be removed from their device. Just a thought. Doesn't really seem right to charge users for something like that, espicially the less savvy who might not know-any-better.

Re:If the virus sends a relatively uniform... (4, Funny)

Capt'n Hector (650760) | more than 9 years ago | (#11879487)

"Doesn't really seem right to charge users for something like that, espicially the less savvy who might not know-any-better."

Yeah, god forbid a cellphone company take advantage of unsavvy customers....

Re:If the virus sends a relatively uniform... (5, Insightful)

plover (150551) | more than 9 years ago | (#11879527)

It's not in the short-term best interests of the cellular providers to block the virus. First, it involves acknowledging the virus exists, which tends to scare people. Next, and here's the cynical greedy part, people who blindly pay their cell phone bills every month without complaint make up a large part of their customer base. If they can make a few million dollars off the virus, where's the incentive to shut it down? Willingly give out reimbursements to anyone who complains, but let the rest of them just continue to fork over cash.

Sorry to be so cynical, but I just see these "services" (and all cell phone costs) as tremendously overpriced. It's just data. The bandwidth has a fixed cost (it's just the sum of maintenance, capital investments, marketing, etc.) Throw in 10% or 20% over cost for a profit margin, and call it done. But no, they have to have "minutes" and "plans" and "packages", all of which are expressly designed to mislead the buyers into spending as much money as possible, regardless of the amount of "service" they "consume." And we, the sheeple, consume it readily.

Re:If the virus sends a relatively uniform... (1)

t_allardyce (48447) | more than 9 years ago | (#11879866)

Shut up and stop questioning the fairness of the capitalist system or i will report you to the FBI for communism.

Re:If the virus sends a relatively uniform... (1)

swb (14022) | more than 9 years ago | (#11879951)

It reminds me of a girlfriend I once had. We had to have "dates" and "birthdays" and "presents", all of which were expressly designed to mislead me into spending as much money as possible, regardless of how much "service" I actually consumed.

Re:If the virus sends a relatively uniform... (1)

t_allardyce (48447) | more than 9 years ago | (#11879629)

Are you joking? do you know how much profit phone companies make from MMS!? for them this is malware heaven "whats that sir? you say your phone has a virus and now your phone bill has gone through the roof? oh dear, we can send you the anti-virus patch over the network.. for a one time fee, but we can't cancel the charge from messages the virus sent.. company policy"

Re:If the virus sends a relatively uniform... (1)

KhaZ (160984) | more than 9 years ago | (#11879642)

For Khaz Modan!

Thank you, thank you. I'd like to thank all the talented nominees, and of course, God, above all.

One love.

(-1: Offtopic)

I hate the name of that OS (0)

Anonymous Coward | more than 9 years ago | (#11879345)

I keep misreading it as sybian every time I see it.

Re:I hate the name of that OS (0)

Anonymous Coward | more than 9 years ago | (#11879448)

If what you're talking about is what I think you're talking about, presumably you could set your phone to vibrate and sit on it....

and they just keep coming! (0)

Anonymous Coward | more than 9 years ago | (#11879773)

I wouldn't want one of those with a virus!

Trojan not virus (5, Informative)

lxdbxr (655786) | more than 9 years ago | (#11879368)

I know the nomenclature is largely ignored nowadays, but I would call this a trojan not a virus since it requires the user to run it to start spreading: Quote from the ZDNet [zdnet.co.uk] version of the story:
A recipient also has to accept and download CommWarrior in order for the Trojan to launch itself.
It's not like it starts running as soon as you open the MMS message; you actually have to take steps to run the application contained in the message. Of course some people will run anything...

Re:Trojan not virus (0)

Anonymous Coward | more than 9 years ago | (#11879562)

A trojan IS a virus. It's like calling a Lion a cat. It's true, but it's a subclass of cat. There are also Tigers, housecats and any number of other cats.

What this is NOT is a Worm... Which is also a virus, but is not a trojan.

Re:Trojan not virus (0)

Anonymous Coward | more than 9 years ago | (#11879677)

A trojan IS a virus.

I thought my Trojans were supposed to protect me from viruses! Better switch to LifeStyles.

Re:Trojan not virus (2, Informative)

Anonymous Coward | more than 9 years ago | (#11879849)

A trojan is NOT necessarily a virus. Here's the difference:

A trojan is a piece of software that contains malicious code, which COULD be a virus or worm, but it is not necessary. It could simply do something nasty without spreading.

A virus is a piece of malicious code that attaches itself to another program. Just like biological viruses infect cells to reproduce.

A worm is a piece of malicious code that simply replicates. For example the original Internet worm broke into other systems and executed itself from the new host to spread further. It did not attach itself to other programs.

Re:Trojan not virus (2, Informative)

ms139us (723585) | more than 9 years ago | (#11879675)

Parent is correct. Has anyone on slashdot ever tried to install unsigned software on a Symbian device?

It is littered with warnings and confirmation screens. Anyone who got this virus had to endure the installation process confirmations. It is worse than a EULA.

I find that I lack sympathy for a user who repeatedly selected "ok" and "continue" after being warned that this software cannot be verified -- software that arrived unsolicited.

It takes a whole new kind of inattention to allow this virus to spread.

Viruses (3, Funny)

zecg (521666) | more than 9 years ago | (#11879387)

Anti-virus software is a sign of platform's maturity... a sort of an OS Bar Mitzvah. There are probably Nokia engineers working on new worms, tightly collaborating with their anti-virus engineers.

Well at least there's one alternative (4, Funny)

PsychicX (866028) | more than 9 years ago | (#11879396)

Get a Windows CE phone :)

Re:Well at least there's one alternative (1)

Valdrax (32670) | more than 9 years ago | (#11879681)

I think this idea falls into the "Ow! Ow! Ow! Stop hitting yourself!" category.

Should this cost consumers? (4, Insightful)

junkcannibal (849421) | more than 9 years ago | (#11879447)

It seems to me that since most people get their phones for free when they sign up for a plan, the cell phone companies should bear the cost of this virus. This cost will inevitably be passed on the the concumers. My point is that it should be the responsibility of the cell phone companies to keep their products and their networks free of viruses. Dwight Yokel BEEP BEEPING his neighbor in the next trailer over, should not be expected to pay and money or attention to this sort of concern or worry about extra charges on his bill because his cell phone company runs a flawed service.

Re:Should this cost consumers? (1)

AvitarX (172628) | more than 9 years ago | (#11879557)

yeah Dweight Yokel should expect me, and the other whatever percentage of the users that don't get this or don't even buy a new enough phone to be vulnerable to pay for him.

Maybe Dweight Yokel got a computer training lesson he won't forget, and for less money then a computer school.

Re:Should this cost consumers? (1)

jms1 (686215) | more than 9 years ago | (#11879571)

Actually, the phones which are capable of being infected by this virus are NOT the ones they give away free. These are all running SymbianOS, which means for the most part they are high-end phones which have PDA and/or computer capabilities.

My own telephone is one which could be infected. I have already contacted T-Mobile to find out if they plan on filtering this as it passes through their servers. In the meantime, I just won't accept MMS messages from people I know without verifying that the sender actually meant to send them... and of course I wouldn't accept an MMS message from somebody I don't know in the first place, so unless the virus writers find a way around the "user must accept the message" requirement, I don't feel myself to be in any danger.

No! That would be very bad. (1)

xtrvd (762313) | more than 9 years ago | (#11879658)

This begs the question though, that in the same circumstances of having a MMS provider being responsible for their traffic, shouldn't ISP's be responsible for the traffic being issued over their lines too? But wait a moment, aren't they released of all liability due to their title as a 'common carrier'?

Before you start pointing the finger at the ISP's, you have to think deeper into the repercussions of moderation of their networks. More moderation simply means more people to control what is being passed through; this means more salaries to pay. It wont be like Slashdot where everybody volunteer's, but rather just like any other business where people are paid to do their work. These additional salaries will be paid for by your MMS messages which already cost a hefty amount.

Suddenly somebody is sending child porn over their cell phone. Will the MMS provider be responsible for this content now? I don't believe it is fair to put all of this weight on the shoulders of the ISP, primarily because it's the users of the service who will be hit the hardest in times of moderation.

I don't know about you, but I would rather have a 'free' internet where I can do what ever I want (within a legal boundary) instead of having a MMS provider or ISP monitor and decide what I can and cannot do.

Sometimes people simply have to take their own responsibility for being on these networks.

great! (0)

Anonymous Coward | more than 9 years ago | (#11879460)

So will this get MMS to work on my phone?

Just don't install stuff you got over mms from.. (2, Interesting)

gl4ss (559668) | more than 9 years ago | (#11879466)

someone you didn't expect to get it from.

this needs manual installation by the 'victim'!

not very likely to spread too far either - a lot of people don't have even the mms settings in place.

Re:Just don't install stuff you got over mms from. (3, Interesting)

d95adam (621910) | more than 9 years ago | (#11879774)

...but the text in the MMS says: "Your cell phone clock may be wrong. Would you like to keep it accurate?"

Time to rob the rich and give to the...rich (2, Funny)

CDOS_CDOS run (669823) | more than 9 years ago | (#11879490)

What was Paris's #, I need to send her a mms message.

Sure would like a link... (1)

gardyloo (512791) | more than 9 years ago | (#11879491)

....to the article mentioned in the /. blurb.

Re:Sure would like a link... (0, Flamebait)

gardyloo (512791) | more than 9 years ago | (#11879519)

christ, I'm a dumbass.

Re:Sure would like a link... (2, Informative)

Shachaf (781326) | more than 9 years ago | (#11879536)

There is a link. It's at the top: CommWarrior.a [infosyncworld.com] .

Symbian AntiVirus... (1)

larrypatrickmaloney (556409) | more than 9 years ago | (#11879501)

Not to toot my own horn, but I worked for a company last year, where we made an AntiVirus product for Symbian, which can handle SMS message viruses. website: http://www.fb-4.com

Why the panic? (0)

Anonymous Coward | more than 9 years ago | (#11879511)

As other posters have mentioned this is a trojan, not a virus. It requires the user to actively choose "Yes I wish to install" and following that it requires them to choose "Yes, I know it's from an untrusted source but install it anyway".

This is hardly going to take over the world. What we should really be worrying about is the possibility of a real virus/worm - something that spreads without user interaction.

Looks like a trojan, not a virus (4, Interesting)

bojanb (162938) | more than 9 years ago | (#11879520)

From TFA:
CommWarrior periodically sends MMS messages to randomly selected contacts, including a copy of itself and one of several predefined text messages designed to encourage the recipient to install the application.

Doesn't really seem this is Symbian's fault, CommWarrior just behaves like a malicious application. The user obviously has to install it and then run it to get 0wned.

Of course, some sort of sandbox environment like in Microedition Java would have been a better design, but I guess Symbian simply wasn't built with something like this in mind. I know Nokia is pushing a model where only certified developers will be allowed to write applications that access sensitive functionality (dialing numbers, sending messages, etc.), but this is not a great solution. It will drive the cost of applications way up, and shaft all the small app developers, because only the big guys will have their apps signed by Nokia.

Re:Looks like a trojan, not a virus (2, Informative)

enjo13 (444114) | more than 9 years ago | (#11879698)

That effort is actually being driven by Symbian. Accessing sensitive information on both future UIQ and Series 60 (And any other Symbian derivative that pops up) will require priviliges via signing.

hehe (2, Informative)

Turn-X Alphonse (789240) | more than 9 years ago | (#11879533)

When will people learn the more features something has the more holes it has in it. My cellphone can take calls and text, doesn't even display colour but if I have a car accident or I get injured it'll do the job just as well as any "3G super mega hyper magical edition" phone.

Maybe people need to learn that the home phone is better for calling friends and mobiles are mostly for emergencies and when someone needs to urgently contact you..

Easy solution (0)

Anonymous Coward | more than 9 years ago | (#11879564)

Don't buy MMS capable cellphones. They're pricey to operate even if they're cheap ("give away razors, sell blades" sounds familiar?). Service fees from cellphone companies are 21st. century #1 ripoff, there's no reason to help them making more money.

Gotta luv a biz model that rewards this, don't you (1)

gelfling (6534) | more than 9 years ago | (#11879570)

I just love vendors who shrug and say "This is gonna hurt you a lot more than it's gonna hurt me. Sucks to be you."

What's the name of this company, 'Lumburg'?

CommWarrior on Symantec (1)

Evil W1zard (832703) | more than 9 years ago | (#11879588)

Per Symantec - SymbOS.Commwarrior.A is a worm that replicates on Series 60 phones. It attempts to spread using Multimedia Messaging Service (MMS) and Bluetooth as a randomly named .sis file. -- So how many Lexus's are affected? (OK I dont like Lexus's so from now on multiple Lexus vehicles are referred to as LEXEN!)

News like this (1)

CastrTroy (595695) | more than 9 years ago | (#11879660)

News like this makes me happy that I have a very simple phone with simple features. All a phone really needs is to be able to store numbers and make phone calls. That's it. Anything else that could in any way compromise security should not be included.

All YOUR phone needs, asshole. [nt] (0)

Anonymous Coward | more than 9 years ago | (#11879958)

At least... (0)

Anonymous Coward | more than 9 years ago | (#11879661)

... we can really measure the cost this virus wrecks - instead of those ungodly amounts that everyone and their grandmother panders about when a PC virus spread...

Um...it's transmitting (4, Interesting)

SamMichaels (213605) | more than 9 years ago | (#11879676)

Perhaps I mis-RTFA or just don't understand MMS, but whenever my mobile is active it causes amplifier noise (talk or send/receive SMS). CDMA or GSM. Computer speakers, car stereo, whatever. Wouldn't a constant transmission be noticable?

WTF? (1)

CPgrower (644022) | more than 9 years ago | (#11879706)

Why isn't the cell phone's embedded code not written and executed in read-only memory? I understand there *may* be a need for volatile memory to read/write data to a stack/heap; however, why should data written to such memory *ever* be executed as code! I'd really like to know from someone who writes embedded systems for cell phones.

getting a virus on a Symbian? (0)

Anonymous Coward | more than 9 years ago | (#11879715)

Why is it a big deal to get a virus on a symbian, I've seen what they use those for in the industry, and those girls can't be that clean...
(oblig syb-symb reference)

Kind of depressing isn't it? (2, Insightful)

hey! (33014) | more than 9 years ago | (#11879728)

I mean, the RFCs for MIME came out, what twelve years ago? Injudicious MIME implementations have been vectoring trojans ever since.

So, you'd think they'd have taken a lesson from a decade of history and limited the power of multimedia attachments.

This issue is easily solved (3, Interesting)

harshaw (3140) | more than 9 years ago | (#11879983)

Modern phone operating systems have security features built in where the application installer will only allow *signed* applications to be installed. A virus / trojan wouldn't get signed because it has to go through an acceptance program.

The first Microsoft smartphone product had this feature turned on - normal joe's couldn't install software that hadn't been signed (the signing process usually costs $$ although recent efforts have reduced the cost).

Symbian *has* the same functionality. In fact, most commercial symbian software should now be signed, see Symbian Signed Symbian also has the functionality to disallow users to install unsigned programs. It is just that this feature is turned off by default (at least on the phones that I have seen).

Theoretically, all an operator needs to due is send an OTA message to turn on signing verification. This is easily done on a windows mobile and presumable via WAP push on Symbian. We probably will see operators start to turn on signing requirements by default on symbian phones (hopefully with the capability for users to turn it off so they can install freeware if they so choose).
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?