Security firm Fortinet has discovered a very malicious worm that is actively spreading on mobile phone networks that run the Symbian operating system.
The threat response team at Fortinet has identified the worm as SymbOS/Beselo.A!worm. This worm is able to run on a number of Symbian S60-enabled devices which include the Nokia 6600, 6630, 6680, 7610, N70 and N72 handsets.
Basically, this malicious worm is transmitted via MMS which carries the name Beauty.jpg, Sex.mp3 or Love.rm. These names tend to deceive users into unknowingly installing the malicious software onto their mobile phones, warns Fortinet.
Unlike Microsoft Windows, SymbianOS types files based on their contents and not their extensions, so it is worth noting that recipients of infected MMS would still be presented with an installation dialogue upon “clicking” on the attachment.
“Therefore, users could easily be deceived by the extension and unknowingly install the malicious piece of software,” warns Fortinet.
After getting installed onto a phone, the worm harvests all of the phone’s stored numbers located in the contact lists and then targets them with a viral MMS carrying a SIS-packed (Symbian Installation Source) version of the worm.
Besides harvesting these numbers the malware also sends itself to generated numbers as well. It has been found that all these generated numbers are located in China and belong to the same mobile phone operator. Further, some of these numbers have been verified to belong to actual customers, rather than being premium service numbers.
According to Guillaume Lovet, manager of Fortinet’s Threat Response Team, EMEA, and the man who conducted the research and discovered this worm said, “It is actually spreading in the wile, although the numbers are still pretty low.”
So, if you have a Symbian S60 mobile phone, and you receive a media file, then you better answer “no” to any installation prompt that appears when trying to open the file.