How to avoid phone viruses


By David Geer, CSO

Mobile phone malware - viruses, worms and Trojan programs created to attack the devices - are rare, but starting to appear in Japan and Europe, where 3G technology is more popular, according to Corey Nachreiner, a network security analyst at vendor WatchGuard Technologies.

By the time such malware hits domestic users' handsets the programs are expected to blend into more complex threats. Some examples recently hitting overseas users include:

  • The Doomboot trojan perpetrates denial-of-service attacks by billing itself as "Warez" - premium games that have been compromised to allow free use, says Seth Fogie, VP at mobile security vendor Airscanner. Devices work until they are rebooted. Doomboot enters via Bluetooth's discovery mode, the Web and e-mail.
  • Cardtrap spreads to phone memory cards - which can be inserted in computers to sync up a music download, picture or ringtone - where it can infect again, Fogie says.
  • Redbrowser is a Russian wireless application protocol browser that offers itself to users who don't have one. It offers to send free SMS messages but actually charges the user US$5 to $6 per message.
  • Crossover detects and infects devices via an ActiveSync connection for Windows PCs. It can spread from phones to computers. Crossover has not been detected in public yet; in concept it fills up phone memory with useless data and exhausts phone resources.

  • More generally, buffer overflow vulnerabilities exist in the Windows Mobile software, according to Fogie, in cases where an application has not been programmed to properly check the format of incoming data. Such attacks will become more prevalent as the platform grows, Fogie says.

    Things you can do

  • Educate users that mobile phones are vulnerable and they should not install anything on them unless it's from an authorised source.

  • Secure and control phones. Use mobile versions of firewalls and antivirus protection. (Examples come from F-Secure, which offers both, and TrendMicro, which offers an antivirus product.)

  • Secure phone ports. Many phones have USB ports. Corey Nachreiner of WatchGuard Technologies advises getting USB control software, which allows an administrator to regulate which devices (including mobile phones) are allowed on a computer's USB ports.

  • Secure Bluetooth. If the user doesn't need Bluetooth, disable it. If the service is needed, the end user shouldn't accept connections from unknown parties.

  • Set policies. CSOs or CISOs can enforce policies around downloading or opening files from unauthorized sources. Don't open or accept any unexpected attachments; verify a known party's intent to send one.

  • See Also :

  • Asus M930 Released in India
  • Top 24 Must Have Applications For Your Nokia N95
  • 6 Things You Never Knew Your Cell Phone Could Do

  • You may also like to read these :

  • Scan your Linux-Distro for Root Kits
  • How to remove Hacktool.Rootkit
  • Ways To Stop Computer Malware
  • 10 Tips For Virus Free
  • Top 5 Free Anti Virus
  • Top 7 Best Free Online Scan
  • How to test your antivirus software functioning properly?


    0 comments to "How to avoid phone viruses"

    Post a Comment