Bad sorts have created a malware targeted at Symbian mobile phones that comes signed with an apparently valid Symbian Certificate. Because it is signed the application can potentially gain privileged access, net security firm F-secure warns. The malware is also unusual because it is targeted at S60 3rd Edition phones, instead …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Friday 20th February 2009 14:45 GMT Andrew

Brilliant

Nice to know us Symbia people are being targeted. Now phuck offf and play with windows.

0 0
Friday 20th February 2009 16:20 GMT Charles

But it begs the question.

"Who signed the worm?" Normally mass-distribution apps are signed by Nokia themselves after going through quality assurance. Either something slipped through the cracks or the worm makers enlisted inside help.

0 0
Friday 20th February 2009 16:51 GMT Neil Hoskins

yawn

So, once again, let's get this straight. First of all, somebody is stupid enough to install it. Then, each time it tries to phone home or propagate, they press "yes" again? They continue to keep pressing "yes" every few minutes as the worm tries to propagate? Frankly, anybody that stupid is too dumb to own a smartphone anyway.

0 0
Friday 20th February 2009 22:00 GMT Charles

@Neil

Apparently, *because* it is signed, once it's installed and running, it can access the protected parts of the system. These include the SMS subsystem and the address book. From what I've read, it's able to pull these off without further human intervention. That's why it's classified in some places as a worm rather than a trojan.

0 0
Saturday 21st February 2009 00:46 GMT Paul

@Charles

It's also possible that the worm creator was able to break the security on the signature. I say that without knowing any details of how it works, but it's not inconceivable. Only as strong as its weakest link, and all that.

0 0
Sunday 22nd February 2009 21:40 GMT Gio Ciampa

Self-signed?

There are apps for S60 phones that will allow self-signing (Freesigner) and sites that will sign apps for you (Symbian Signed) - so maybe it wasn't Nokia that signed this at all?

That said - it's still a case of people OK'ing stuff they don't know properly

0 0

This topic is closed for new posts.

Topics

Special Features

Vendor Voice

Resources

User topics

Article topics

User topics

Article topics

'Sexy View' SMS malware targets Symbian devices

COMMENTS

Brilliant

But it begs the question.

yawn

@Neil

@Charles

Self-signed?

Other stories you might like

US government excoriates Microsoft for 'avoidable errors' but keeps paying for its products

Microsoft squashes SmartScreen security bypass bug exploited in the wild

Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online

Malicious xz backdoor reveals fragility of open source

Feds finally decide to do something about years-old SS7 spy holes in phone networks

Rust developers at Google are twice as productive as C++ teams

H-1B visa fraud alive and well amid efforts to crack down on abuse

Feds probe alleged classified US govt data theft and leak

Apple's GoFetch silicon security fail was down to an obsession with speed

It's 2024 and Intel silicon is still haunted by data-spilling Spectre

US critical infrastructure cyberattack reporting rules inch closer to reality

Rubrik files to go public following alliance with Microsoft

About Us

Our Websites

Your Privacy