Derek Manky, security research engineer with Fortinet’s Vancouver research and development department, said he’s seeing new malware activity and trends as the Symbian operating system becomes more popular.
“Symbian is definitely a favoured platform,” he said.
The virus’s propagation routine is “not so unique, but effective,” Manky said. The user receives what appears to be a multimedia message — a jpeg or MP3 file — but is actually a Symbian Installation Source (SIS) file. Because the OS types files by content rather than extension, the SIS file can masquerade as something else.
“Add a little social engineering and it becomes very efficient,” Manky said. The files carry evocative names like “beauty,” “love” and “sex.”
When the user clicks the attachment, the install script runs. While the OS does display a warning message that it is not a trusted application and could cause problems, many users install anyway.
While it’s generally not necessary to install an application to play a multimedia file, many new users are fooled. “An uneducated consumer might think that’s standard operating procedure,” Manky said.
Once installed, the worm harvests contact information from the phone and sends itself to those numbers. Oddly, it also generates a list of contacts — all numbers on one Chinese mobile carrier’s network — and sends itself to those phones.
“It seems to target certain numbers as well,” Manky said. But researchers are scratching their heads over why.
“That’s the behaviour that’s been observed,” he said. It’s actively under investigation, he added.
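The masquerade described above works because the attachment's name says "media" while its content is an installer. A messaging gateway or analyst can catch this by typing the file by content as well. The sketch below is an added example, not code from Fortinet or the article. The SIS signature constants come from the published Symbian SIS file layouts rather than from this page, and the function names and sample byte strings are constructed for illustration.

```python
import os
import struct

# Assumption (not from the article): SIS signatures per the published layouts.
SIS_V9_UID1 = 0x10201A7A      # Symbian OS 9.x: first little-endian 32-bit word
SIS_LEGACY_UID3 = 0x10000419  # Symbian OS 6-8: third little-endian 32-bit word
MEDIA_EXTENSIONS = {".jpg", ".jpeg", ".mp3"}
SIS_EXTENSIONS = {".sis", ".sisx"}

def is_sis(data: bytes) -> bool:
    """Type the file by content: check the UID words at the start of the header."""
    if len(data) < 12:
        return False
    uid1, _uid2, uid3 = struct.unpack_from("<III", data, 0)
    return uid1 == SIS_V9_UID1 or uid3 == SIS_LEGACY_UID3

def looks_like_media(data: bytes) -> bool:
    """Recognise JPEG (FF D8 FF) and MP3 (ID3 tag or MPEG frame sync)."""
    if data[:3] == b"\xff\xd8\xff" or data[:3] == b"ID3":
        return True
    return len(data) >= 2 and data[0] == 0xFF and (data[1] & 0xE0) == 0xE0

def classify_attachment(name: str, data: bytes) -> str:
    """Compare what the name claims with what the bytes are."""
    ext = os.path.splitext(name.lower())[1]
    if is_sis(data):
        if ext in SIS_EXTENSIONS:
            return "review: SIS installer sent as attachment"
        return "block: SIS installer not labelled as one"
    if ext in MEDIA_EXTENSIONS and not looks_like_media(data):
        return "review: content does not match media extension"
    return "allow"

# Constructed sample inputs (header bytes only, not real files).
SAMPLE_SIS_V9 = struct.pack("<III", SIS_V9_UID1, 0, 0x20001234) + b"\x00" * 16
SAMPLE_SIS_LEGACY = struct.pack("<III", 0x20005678, 0, SIS_LEGACY_UID3) + b"\x00" * 16
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01" + b"\x00" * 16

if __name__ == "__main__":
    for name, blob in [("beauty.jpg", SAMPLE_SIS_V9), ("love", SAMPLE_SIS_LEGACY),
                       ("photo.jpg", SAMPLE_JPEG), ("app.sis", SAMPLE_SIS_V9)]:
        print(f"{name:12} -> {classify_attachment(name, blob)}")
```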