New email virus bombards mobile phone users

Mobile phone customers are being targeted by a new computer virus that Internet security experts say is the first of its kind.

Evan Hansen, Staff Writer, CNET News.com
The virus, called "Timofonica," is reported to be "in the wild" in Spain, where customers of the phone company Movistar have been hit with annoying computer-generated phone calls, according to the antivirus firm Kaspersky Lab. The virus type, known as a worm, targets phones that use the European GSM mobile standard.

Security experts said the virus is the first to hit mobile phones, although they emphasized that the worm is propagated by computer and not via the telephone system. They also said the attack is relatively benign, as it does not destroy computer files but merely delivers a message disparaging the Spanish telephone company Telefonica.

"It's an annoying message type," said Chris Vargas, president of F-Secure, an Internet security firm that also reported the worm this morning. "The virus' purpose is to propagate a harmless message."

Like the notorious "I Love You" virus that spread quickly through corporate computer systems across the globe last month, the Timofonica virus was written using Microsoft's VBScript programming language. Also like the Love bug, Timofonica spreads via email by sending infected messages from affected computers. The worm sends itself to all addresses that are stored in a person's address book.

"We believe the worm originated in Spain," Vargas said. "The message is in Spanish, and the message is directed at a Spanish operator."

In addition, the worm sends a message to a so-called short messaging service (SMS) gateway that sends a text message to phone users. The worm randomly generates phone numbers targeting the "corio.movistar.net" SMS gate.

Every time the worm is forwarded to a new address, it sends a new SMS message to a randomly selected number, thus bombarding people with SMS messages.

Timofonica isn't the first virus to attack telephones. Earlier this year, a phone virus hit 911 systems in Texas. During the I Love You rampage, some fax machines began spitting out harmless pages of code, thanks to email-to-fax services.

While today's attack may be relatively benign, it points to the potential for more serious mischief as voice and data as well as mobile and fixed communications systems become more entwined.

Most large Web companies are already looking to offer wireless and voice services to augment the predominantly PC-based Internet entry point. Because viruses have the potential to reach every point in the network, the risk of serious infection increases as the network grows.

Security experts said that viruses targeting phones and wireless handheld devices aren't likely to pose a major threat any time soon, however.

Dan Schrader, chief security analyst at Trend Micro, acknowledged that some wireless devices, such as PalmPilots, are powerful computers in their own right and pose a theoretical risk of increasing the spread of viruses. But he said traditional computer networks are the most vulnerable to viruses and are likely to remain so despite growing network convergence.

Schrader pointed to several factors likely to mitigate viruses that jump off computers to attack other parts of a network. The culture of virus writers, he said, leads them to attack the most widely adopted technologies, making Microsoft's personal computing software the primary target for now.

"Theoretical security problems don't always materialize in the real world," he said. "For example, we have identified the potential to create Java applet viruses, but two years later, we have yet to see one."

In addition, he said, writing viruses that will run on multiple platforms is next to impossible, meaning that wireless breakouts will be quarantined over divergent operating systems and hardware.

Schrader said that today's attack could point to new ways of protecting against future viruses.

"The use of desktop antivirus software has proven to be a failure," he said, noting that new viruses often spread before antidotes can be posted.

Schrader said the correct way to stop viruses is at key points on the network--at the wireless gateway, for example. Such a solution would also save handheld users from having to place memory-hungry antivirus tools on their cellular phones.

Are mobile devices safe?
Vincent Gullotto, director of Network Associates' antivirus emergency response team, also said today's virus was low risk.

But he said the attack highlights the blurring line between technologies such as telephones and computers.

Gullotto said he believes that handheld devices will not become a broad virus threat until they begin to incorporate significant automation features, such as the ability to run pre-programmed commands.

"It can become a problem when the device does something for the user, either in the device or by sending something through infrared," he said.

He added that cross-platform operability remains a problem for handhelds, creating barriers that impede the progress of viruses.

Gullotto said efforts to establish wireless standards, such as the Wireless Application Protocol (WAP), could create an environment in which viruses could travel more quickly and do more damage.

"There is an inherent conflict between convenience and security," he said.

News.com's Jim Hu contributed to this report.