Cloud of New Viruses to Follow Smart Phone Explosion

Feb. 5, 2007 (Vol. 28, No. 3) 

Tick, tick, tick … Your youngest IT staffer is like Jack Bauer in an episode of “24,” except he has just 60 minutes – not 24 hours – to discover he has unwittingly loaded the “Doomboot.A” Trojan horse on his new smart phone.

It’ll take an hour for the Commwarrior.B worm delivered by Doomboot to exhaust the device’s battery by sending itself to other phones over Bluetooth and MMS messages. The barrage of MMS messages will cost you, too – think a couple dozen per minute at about 25 cents each. If our hero makes the mistake of rebooting, the corrupted binaries deposited by Doomboot will force him to reformat the device, erasing all data.

Welcome to the age of smart phones, where a cell phone is no longer just a portable communication device but a mobile computer capable of transmitting e-mail, surfing the Net, making PowerPoint presentations and being infected by viruses. Discovered in mid-2005, Doomboot.A is one of roughly 350 strains of malware that now targets mobile devices.

The Trojan horse, which invites cell phone users to load a free copy of “Doom 2 Cracked,” is known to have infected fewer than 50 devices. But Doomboot.A is only one of at least 24 variations of the Doomboot Trojan horse. Another offers to load wallpaper images of Angelina Jolie. There are other mobile threats, too. “Skulls” disables a phone’s icons and displays them as skulls with crossbones. “RedBrowser” sends text messages to premium services at $5 a pop. 

Antivirus Software $47 per Device

The current threat of viruses being spread among smart phones is miniscule when you consider that roughly 350 new attacks are launched each week for Windows, says Sam Curry, VP of eTrust threat management solutions at Islandia, N.Y.-based IT management software developer CA, formerly known as Computer Associates International Inc. On a scale of one to 10, Curry ranks mobile threats at a two or three.

But don’t expect to enjoy this state of relative safety for long. Malware writers will increasingly target smart phones as the market heats up, warns Ron O’Brien, senior security analyst for Boston and Oxford, U.K.-based antivirus software developer Sophos. Worldwide, Gartner research estimates 75 million smart phones were shipped in 2006, with another 120 million due to ship in 2007.

Sophos is one of at least eight companies that provide antivirus software for smart phones [See list.], but you’re not alone if you’re not employing any of these firms’ solutions. Just 36% of enterprises use antivirus software on mobile devices, Sophos found in a recent study, according to O’Brien.

It’s no wonder enterprises are hesitant, with prices on some mobile antivirus software reaching $47 per device for an annual subscription. That’s $45,000 to cover the cost of protecting 1,000 smart phones, for example.

There haven’t been any widespread smart phone viruses to scare enterprises into implementing strong antivirus security measures, notes Jeanine Sterling, senior program director of InfoTrack for Enterprise Mobility at The Telecom Intelligence Group. “The belief is that companies should be preparing now for attacks that will most likely emerge in a significant way one to two years down the road.”