July 8th, 2009
Transmitter.C mobile malware spreading in the wild
Researchers from NetQin Tech. are reporting on a newly discovered mobile malware variant (Transmitter.C) distributed through a modified version of legitimate mobile application. Upon execution, the malware attempts to automatically spread by SMS-ing hundreds of messages linking to a web site where a copy of it (sexySpace.sisx) can be found.
NetQuin’s CEO, Dr. Lin Yu provides more insight into the nature of the malware, its financial implications for the infected user, as well as thoughts on the future of mobile malware.
Go through the Q&A.
Dancho: What are some of the characteristics of Transmitter.C?
Dr. Lin Yu: As a foreign variant of previous erotic short message virus (Transmitter.A), this virus camouflages in a normal third party mobile phone software ” Advanced device locks” to inveigle the users to install it.
After installation, this virus will be automatically started up. Just a minute, it will automatically access network for about 3 minutes. Later, this virus will send short messages externally at interval of 10 - 15 seconds. As can be observed from the communication record, there are large amount of records of sending short messages, all the numbers to which short messages are sent are strange numbers, but it is completely impossible to find the record of short messages that have been sent in the Sent Box.
After having sent about 500 strange short messages, this virus will traverse the cards folder to send out short messages. Furthermore, this virus can automatically identify mobile phone languages and send different short message contents including “Classic Gongfu stories, City passion, Wife change, School girl, Violent incest… Please immediately access?” A very interesting girl. Try it now!” etc., and attach a URL after each short message.
This virus will run away with user’s tariff by sending out short messages at such high frequency. In addition, it is very likely that this virus forcibly subscribes some services for the users, thus consuming user’s tariff.
Furthermore, this virus has transmissibility. In the form of obscene short messages, it will inveigle the users to click the links in the contents of short messages. Upon clicking such links, a user will download virus to his/her mobile phone, becoming the next virus-spreader. In addition, this virus can also transmitted in the form of legitimate third party software that is put in the Website and Forum for downloading mobile phone software.
- Go through related mobile malware posts: Attacks on NFC mobile phones demonstrated; New mobile malware silently transfers account credit; New Symbian-based mobile worm circulating in the wild
Dancho: How is Transimitter.C different than any other Symbian malware?
Dr. Lin Yu: As compared with the Symbian malicious software formerly discovered, Transimitter.C has even stronger transmissibility and harmfulness: It not only has the corresponding server end for coordination, but can also be dynamically adapted to the current language of mobile phone and thus send short messages to address lists and strange numbers in different languages Furthermore, utilizing obscene short messages with links, it can inveigle the users to click it for installation. If this virus has been transmitted to mobile phones, it will bring tremendous economic loss and reputation crisis to the users.
Next –>
Pages: 1 2
Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog. See his full profile and disclosure of his industry affiliations.
Subscribe to Zero Day via Email alerts or RSS.
