Some time ago I published a two-part article (part one, two) in Security Focus on the subject of Bluetooth security. As part of the article I discussed worms that were appearing on mobile phones at that time. I am still active in researching Bluetooth security, but my current attention is more on Symbian OS related aspects, rather than a communication medium such as Bluetooth. As part of my research I’ve been analysing various worms that appeared on mobile phones. As part of my analysis I tried to capture some mobile viruses in the wild. Over the period of one month the following mobile malware files were sent to my Bluetooth discoverable device:
0skhpg_o.sis, 1x2iz6bcy.sis, 44wp7kjbxp.sis, e9e7p7gr9v.sis, ohvrl0xy.sis, p39ej_em.sis, w_pp2ercgk.sis, xgjgxj7bu.sis, xix4w39.sis, y9wwx06.sis, yoejh0v0.sis.
- A file is beamed to a mobile phone from an infected mobile phone within Bluetooth range.
- The user is asked to accept the file transfer (YES / NO). This happens mostly on Nokia phones; on the majority of other phones, such as all Sony Ericsson models, the file transfer is automatically accepted.
- The user is asked to open the transferred file (YES / NO).
- The user is asked if the application should be installed (YES / NO).
- Optional: The user is informed about the lack of a vendor signature on the file and asked whether to install it anyway (YES / NO).
- Mobile becomes infected and starts to spread.
Note: During this process no activity is visible to the owner of the infected mobile phone, except for a change in the Bluetooth icon on some phones to transfer mode.
Einstein said “Two things are infinite: the universe and human stupidity; and I’m not sure about the universe”. This quotation helps to imagine how knowledgeable people who got their mobile phones infected with CommWarrior are. First, in order to get your mobile phone infected, you need to have your Bluetooth enabled and in discoverable mode – a basic rule of mobile security says to disable Bluetooth or set it to non-discoverable mode. Second, you need to accept the Bluetooth beam transfer of a strange looking file – another basic rule says you should not accept any unexpected file transfers. Third, you need to click YES three or four times in order to install the worm, while seeing a number of warnings that it might not be a good idea to click YES. Thus, I really think there is clearly something wrong with these people. I think the answer could be that warning messages on hand phones are often displayed in the English language, thus some users in
To get more information on CommWarrior and removal instructions, refer to the following sites:
If you are a sadomasochist and would like to infect your phone with a mobile virus, you can download the CommWarrior worm files from here: CommWarriorA, CommWarriorB. I’ve bravely captured these in