Fortinet investigates new SMS mobile worm: Yxes.A
ConvergenceAsia staff
20/02/2009

Provider of unified threat management (UTM) solutions Fortinet has investigated the case of a new mobile worm resorting to a breakthrough propagation strategy, which leverages SMS messages and Internet access.

This new worm, deemed SymbOS/Yxes.A!worm (also known as "Sexy View"), is targeting mobile devices running Symbian OS S60 3rd Edition (eg Nokia 3250), but may run on a wider range of devices, as it has been reported to function on phones operating Symbian OS S60 3rd Edition FP 1 (eg Nokia N73). It bears a valid certificate signed by Symbian, and installs as a valid application on factory mobile devices running S60 3rd Edition.

The Yxes mobile worm is reported to be currently spreading in the wild. The worm gathers phone numbers from the infected device's file system, and repeatedly attempts to send SMS messages which feature a malicious Web address (URL); upon "clicking" on the address in the received message, the recipients will download a copy of the worm (provided their phones/subscriptions allow for internet browsing).

Beyond propagating to as many users as possible via the strategy mentioned above, the worm's aim is to gather intelligence on the infected victim (such as serial number of the phone, subscription number) and post it to a remote server likely controlled by cyber criminals.

The full advisory can be found here: http://fortiguardcenter.com/advisory/FGA-2009-07.html.

advertisement