New Botnet Viruses, Disguised As “Free World Cup VOD”, Hits Smartphones

New mobile viruses, disguised as "Free World Cup VOD" and other hot topics, were
captured last week by the Mobile Security Center of NetQin Mobile Inc. More than
500 complaint cases were reported and filed on June

Identified as ShadowSrv.A, FC.Downsis.A, BIT.N and MapPlug.A, these viruses
were embedded in mini mobile games to lure users to download. Once downloaded,
the device will be controlled by the virus originator. The virus propagation
model is the same as a computer "Botnet"; hence, the viruses are defined as
"Botnet viruses".

The term "botnet" is generally used to describe security threats on PCs,
where a group of computers all run a harmful application that is solely
controlled and manipulated by one owner or software source. The botnet may also
refer to a legitimate network of several computers that share program processing
amongst them. Though the purpose of the virus author is unknown, the propagation
model of the three viruses indicates that botnets on mobile devices are now
emerging and pose a growing threat.

"The explosion of mobile applications has made smart-phones an enticing
target for virus authors. Many security threats that were once only spread on
PCs, such as botnets, are now moving to mobile devices to maximize the financial
interest," said Dr. Lin Yu, CEO of NetQin.

According to the mobile security service provider, these viruses will either
send messages to all the contacts of the address book directly, or send messages
to the random phone numbers by connecting to the server; both of which result in
extra charges to the user’s phone bill. Furthermore, the viruses will delete the
sent messages from a user’s Outbox and SMS log. The messages sent by viruses are
themed the hottest topics, including Free World Cup VOD, and the most popular
blind date TV show, etc. All messages contain URLs linked to malicious sites
that users are unable to see until they’ve already clicked and fallen into the
virus trap.

The targets of these botnets are mobile devices with S60 3rd and 5th OS. An
estimated 100,000 mobile phones were impacted, according to the Mobile Security
Center of NetQin Mobile Inc. NetQin has now updated the virus database to ensure
users get timely protection. Meanwhile, the security service provider is also
working closely with operators to block the malicious URLs and prevent further
spread and infections.


Please enter your comment!
Please enter your name here