Security Watch

Phone Malware Threat Grows

Viruses are reaching out and touching someone - everyone.

Malicious Code
Phone malware, particularly Cabir, continues to spread. It appears to be hitting non-North American countries most severely, possibly because of the types of phones more common abroad (Nokia) or the use of the Symbian OS. The malware also spreads extremely slowly, as it can infect only one other device each time the phone is turned on. Regardless, there is certainly a marked increase in phone malware activity, and no reason to believe it will lessen before it gets worse.

This is bound to become a much larger issue than PC infections. Not only are phones far more common than PCs, but the average phone user also has a great deal less technical knowledge than the average PC user. Unless carriers and phone manufacturers find a solution that doesn't require user interaction, we'll likely have phone malware living much longer than PC malware.

It's been reported that there was a significant increase in traffic on port 42 after a proof-of-concept exploit was released for the Microsoft WINS vulnerability patched by MS04-045. While there may well have been a spike in traffic, what the various monitoring stations fail to recognize is the difference between a scan for vulnerable systems and systems actually being compromised.

This column was originally published in our weekly Security Watch newsletter.

Historically, bots get updated quickly with new exploits when they're released, and they'll often start scanning the Internet to see if they can find vulnerable systems. In this case there are very few vulnerable systems exposed to the Internet, because WINS isn't installed by default, and those that do have a WINS server installed aren't likely to be the type that's exposed. While not confirmed, the spike was most likely already-compromised systems scanning, not new victims being found. Understanding this difference is important to ensuring your blood pressure doesn't go up unnecessarily.
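The distinction the column draws, between a sweep of SYN probes across many hosts and a session that actually completed and carried data, is one you can make from ordinary flow or firewall logs. The following is an added example, not code from the column or from any monitoring station it mentions. It uses a constructed key=value log format and a made-up fan-out threshold (SCAN_FANOUT) to sort sources talking to TCP port 42 into pure scanners, low-volume probes, and sources that established a real session with a WINS host, which are the only ones that warrant an incident look.

```python
"""Separate port-42 (WINS) scanning from completed sessions in flow-style logs.

Added example; the log format, thresholds and addresses are constructed for illustration.
"""
from collections import defaultdict

WINS_PORT = 42
SCAN_FANOUT = 5  # assumed threshold: distinct targets from one source before we call it a sweep

# Constructed sample records in a simple key=value style (not any real product's format).
# flags = TCP flags seen over the life of the flow; S-only means the handshake never completed.
SAMPLE_LOG = """\
2004-12-28T02:11:07 src=203.0.113.7 dst=192.0.2.1 dport=42 flags=S bytes_in=0 bytes_out=0
2004-12-28T02:11:07 src=203.0.113.7 dst=192.0.2.2 dport=42 flags=S bytes_in=0 bytes_out=0
2004-12-28T02:11:08 src=203.0.113.7 dst=192.0.2.3 dport=42 flags=S bytes_in=0 bytes_out=0
2004-12-28T02:11:08 src=203.0.113.7 dst=192.0.2.4 dport=42 flags=S bytes_in=0 bytes_out=0
2004-12-28T02:11:09 src=203.0.113.7 dst=192.0.2.5 dport=42 flags=S bytes_in=0 bytes_out=0
2004-12-28T02:11:09 src=203.0.113.7 dst=192.0.2.6 dport=42 flags=S bytes_in=0 bytes_out=0
2004-12-28T02:14:31 src=198.51.100.20 dst=192.0.2.30 dport=42 flags=S bytes_in=0 bytes_out=0
2004-12-28T02:14:31 src=198.51.100.20 dst=192.0.2.31 dport=42 flags=S bytes_in=0 bytes_out=0
2004-12-28T02:14:33 src=198.51.100.20 dst=192.0.2.40 dport=42 flags=SAPF bytes_in=812 bytes_out=120
2004-12-28T02:20:05 src=192.0.2.55 dst=192.0.2.60 dport=42 flags=SAPF bytes_in=2048 bytes_out=1536
2004-12-28T02:22:40 src=203.0.113.9 dst=192.0.2.70 dport=42 flags=S bytes_in=0 bytes_out=0
2004-12-28T02:22:41 src=203.0.113.9 dst=192.0.2.71 dport=42 flags=S bytes_in=0 bytes_out=0
2004-12-28T02:25:00 src=198.51.100.99 dst=192.0.2.80 dport=445 flags=SAPF bytes_in=300 bytes_out=300
"""


def parse_line(line):
    """Turn one 'ts k=v k=v ...' record into a dict with numeric fields as ints."""
    ts, *pairs = line.split()
    rec = {"ts": ts}
    for item in pairs:
        key, value = item.split("=", 1)
        rec[key] = int(value) if key in ("dport", "bytes_in", "bytes_out") else value
    return rec


def is_established(rec):
    """A real session: handshake completed (ACK seen) and payload moved in both directions.

    A SYN-only flow is a probe of a closed, filtered or unanswered port and tells you
    only that someone is looking, not that anything was exploited.
    """
    return "A" in rec["flags"] and rec["bytes_in"] > 0 and rec["bytes_out"] > 0


def classify_sources(log_text, port=WINS_PORT, fanout_threshold=SCAN_FANOUT):
    """Group flows to `port` by source and label each source.

    Returns {src: {"fanout": n_distinct_targets, "established": [targets], "verdict": str}}
    where verdict is "established" (follow up), "scan_only" (wide sweep, nothing completed)
    or "probe" (too little to say).
    """
    per_src = defaultdict(lambda: {"targets": set(), "established": set()})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["dport"] != port:
            continue  # traffic to other ports is out of scope for this question
        entry = per_src[rec["src"]]
        entry["targets"].add(rec["dst"])
        if is_established(rec):
            entry["established"].add(rec["dst"])

    result = {}
    for src, entry in per_src.items():
        fanout = len(entry["targets"])
        if entry["established"]:
            verdict = "established"
        elif fanout >= fanout_threshold:
            verdict = "scan_only"
        else:
            verdict = "probe"
        result[src] = {
            "fanout": fanout,
            "established": sorted(entry["established"]),
            "verdict": verdict,
        }
    return result


if __name__ == "__main__":
    for src, info in classify_sources(SAMPLE_LOG).items():
        print(f"{src:16} targets={info['fanout']:2} verdict={info['verdict']:12} "
              f"established_with={info['established']}")
```

Run against the constructed log, 203.0.113.7 comes out as a pure sweep (six targets, no completed session), 198.51.100.20 is flagged because one of its three attempts completed and exchanged data with 192.0.2.40, and 192.0.2.55's single completed session is also surfaced for review; that is the list worth correlating with patch state, rather than the raw port-42 packet count that made the headlines.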

Delta Blood Bank in California had one of two laptops used to store donor registration information stolen during a donor drive. Some portion of its database of donors was kept on the machine, compromising information on tens of thousands of donors. This is an example of the age-old problem where highly sensitive data is stored on an extremely vulnerable system. Cost and technical difficulty no doubt led the blood bank to store an image of the database rather than performing a remote connection to look up information, ignoring the fact that laptops are so susceptible to theft. Bottom line: Never store sensitive information on a laptop!

Human Factors
Online shopping was up more than 25 percent over the holiday season this year compared to the same period in 2003. That's certainly good news for e-commerce companies, but could spell doom for its future. That increase in shopping represents an equal increase in the likely theft of credit card information, which in turn spells more losses for the credit card companies. How long can they continue to afford to take the losses due to insecurely maintained e-commerce sites?

About the Author

Russ Cooper is a senior information security analyst with Verizon Business, Inc. He's also founder and editor of NTBugtraq, one of the industry's most influential mailing lists dedicated to Microsoft security. One of the world's most-recognized security experts, he's often quoted by major media outlets on security issues.
