By Peter Conmy
It had to happen: The first computer virus that affects mobile phone users has been unleashed. Spanish mobile phone users found themselves bombarded with SMS messages.
It had to happen: The first computer virus that affects mobile phone users has been unleashed.
Customers of the Spanish telecom operator Movistar found themselves bombarded with Short Message Service (SMS) messages attacking the phone company this month.
The virus called “Timofonica”, meaning “phone con”, or “phone rip-off”, does not cause any damage to mobile systems, or to the PCs it infects, but thousands of users have been hit with the unwanted “spam” messages.
The virus, which spreads through computer email systems, was isolated by the Russian Kapersky Labs anti-virus specialists. So far attacks have mainly been confined to GSM devices in Spain.
The text message that was sent to mobile handsets criticized Movistar over its monopoly of the Spanish telecoms market - it is suspected that the orginators of the virus are Spanish.
Timofonica spreads like the highly destructive “I Love You” virus which caused havoc to PC users around the globe in May.
The virus, classified as an email worm, spreads itself via a user’s email programs. When the user opens a file attached to the message, the virus is activated.
It duplicates itself and sends email messages carrying the duplicates on to every address that is stored in the address book. It also sends a mail to a randomly generated SMS address for every email that it sends.
Movistar use numerical addresses for message service users and the virus simply creates random strings of numbers and attaches them to the address of Movistar’s SMS Gateway to post messages to random Movistar customers.
The attack is especially embarrassing for Timofonica which has invested heavily in the Internet, and has recently bid $12.5 billion for the search engine company Lycos.
Although the Timofonica virus doesn’t actually harm mobile phones or the host PCs, some experts are worried that it could just be the first attack directed at mobiles, and next time more serious damage could be inflicted.
It is very common for virus creators to simply copy the delivery method of previous viruses and change the destructiveness of the payload.
The email delivery method does not actually target phones, but the fact that the creators could target mobile addresses suggests that it could be possible in future. Whether or not the Short Messaging Service could provide a backdoor into a mobile handsets operating system is unclear.
With convergence of systems the potential for all parts of a computer network, from WAP-enabled phones through to notebooks and servers, to be hit by virus outbreaks is increasing rapidly. Most anti-virus software is intended to protect PCs or Servers, with virtually no solutions available for the wireless market.
So far the wide range of platforms, operating systems and communications systems has meant that creating a virus that would work on so many different platforms was next to impossible, but by bringing the various platforms into line, through initiatives such as WAP, a whole new area of communications may become open to virus attack.
During the “I Love You” outbreak there were numerous reports of fax machines that began printing out pages of code becuase they were linked to email services. Landline phones have already been the target of one hacker attack. The “911 bug” bombarded emergency services with calls from computers that had been taken over by hackers.
Some experts are dismissive of the possibility however. Security Analyst Dan Schrader pointed out that just because mobiles could be targetted it didn’t mean that they would be: “Theoretical problems don’t always materialise in the real world,” he said.
“We have identified the potential to create Java applet viruses, but two years later we have yet to see one. Virus writers tend to attack the most widely adopted technologies making Microsoft’s personal computing software the primary target for now.”