History of Mobile Malware (part II)
mobilesecurity.com [London, UK] As we continue our series that looks at how cell phones have increasingly become the target of malware authors, the second instalment focuses on new platforms that were targeted in the middle of the last decade.
By early 2006, mobile malware was spreading to other platforms. Viruses for Windows CE and Windows Mobile became more prevalent, with MMS vulnerabilities in Windows Mobile 2003 making it a particularly attractive option.
While the popularity of Nokia phones made Symbian the lead platform for virus writers until 2010, canny hackers had noticed an even more exciting opportunity: the Java platform for embedded systems, J2ME. J2ME viruses had in advantage in that they didn’t just attack Symbian smartphones, but every mobile platform that supported the Java implementation.
The first J2ME virus, RedBrowser.A, used vulnerabilities in Java and SMS to send premium-rate SMS messages to a fraudulent contact, setting the dominant pattern for J2ME malware. Between 2009 and 2010 there was an explosion in mobile malware, with numbers doubling, and as the fastest-growing platform, a large percentage of viruses focused on SMS fraud.
By 2009, the attacks were also growing increasingly sophisticated, with examples like the Chinese SexySpace Symbian S60 virus kicking off by sending SMS messages with links to every phone number in the address book, prompting them to download pornographic content.
This is a trend that we’ve seen continue onto the Android platform – which coincidentally is the subject of the third and final article in our ‘mobile malware’ series. Come back tomorrow to learn more.