Will 2011 Be the Year of Mobile Malware?

By Jeremy Kirk
Tue, December 21, 2010

IDG News Service — Perhaps one of the most common predictions of the last six years has been that mobile malicious software will suddenly proliferate, driven by widespread adoption of smartphones with advanced OSes.

None of those prognostications have really come to fruition, but it's likely that the coming year will bring a host of new malicious applications. Users -- while generally aware of threats aimed at their desktop computers and laptops -- have a good chance of being caught flat-footed with their mobile phones.

In the third quarter of this year, up to 80 million smartphones were sold around the world, which accounted for about 20 percent of the total number of mobile phones sold, according to statistics published last month by analyst firm Gartner. Smartphones are Internet-capable and therefore more vulnerable to attack than other mobile devices.

The threats against those devices are going to come in several categories:

Rogue applications: Marketplaces for mobile applications are becoming increasingly popular for platforms ranging from Apple's iOS and Google's Android to Microsoft's Windows Phone 7 and Symbian. Apple maintains tight control over its App Store, which has helped keep rogue applications from being offered. But bad applications for other platforms have popped up.

In September, researchers from security vendor Fortinet discovered a mobile component for Zeus, a notorious piece of banking malware that steals account credentials. The mobile component, which targeted Symbian Series 60 devices or BlackBerrys, intercepted one-time passcodes used to verify transactions.

The mobile app carried a legitimate signing certificate, which allowed it to be downloaded and installed on devices. The development was particularly disconcerting as many banks are looking at using mobile phones to send one-time passcodes by SMS (Short Message Service) rather than issuing separate devices that can generate the code.

There's little defense from sneaky rogue applications, but users should be generally careful about downloading programs, particularly for platforms where those applications may not be vetted so closely.

Traditional malware: While desktop OSes such as Windows are plagued by malware, there have been far fewer malicious programs aimed at mobile devices as of yet. But researchers have seen applications such as rogue dialers, which will send SMSes to premium-rate numbers owned by the fraudsters. Other threats include worms spread by communication protocols such as Bluetooth.

With the increase in use of tablet computers that run mobile operating systems, those devices will also be subject to those same threats. "We do believe that is going to arrive in the next 12 months," said Bradley Anstis, vice president of technical strategy for security vendor M86. Malicious hackers are "lazy people, they will always go after the low-hanging fruit."
