Security vendor Fortinet has uncovered a malicious SymbianOS Worm that is actively spreading on mobile phone networks.
Fortinet's threat response team warned on Monday that the worm, identified as SymbOS/Beselo.A!worm, is able to run on several Symbian S60 enabled devices. These include handsets such as Nokia 6600, 6630, 6680, 7610, N70 and N72 handsets.
The malware is disguised as a multimedia file (MMS) with an evocative name: either Beauty.jpg, Sex.mp3 or Love.rm. Fortinet warned this is deceiving users into unknowingly installing the malicious software onto their phones.
Unlike Microsoft Windows, SymbianOS types files based on their contents and not their extensions, so it is worth noting that recipients of infected MMS would still be presented with an installation dialogue upon "clicking" on the attachment. "Therefore, users could easily be deceived by the extension and unknowingly install the malicious piece of software," warned Fortinet.
After installation, the worm harvests all the phone numbers located in the phone's contact lists and targets them with a viral MMS carrying a SIS-packed (Symbian Installation Source) version of the worm. In addition to harvesting these numbers, the malware also sends itself to generated numbers as well.
Interestingly, all these numbers are located in China so far and belong to the same mobile phone operator. Some of these numbers have been verified to belong to actual customers, rather than being premium service numbers.
Guillaume Lovet, manager of Fortinet's Threat Response Team, EMEA, and the man who conducted the research and discovered this malicious activity, said that this is not just another 'theoretical' mobile worm that nobody will ever encounter.
............................
