You TubeFacebookTwitterflickrGoogle plus
Sunday, 24 March 2019 12:24 am

New Zealand telcos are on lookout for sexy cell phone invader

Aug 5th, 2009 | By | Category: Featured Article, Front Page Layout, News


NEW Zealand mobile phone companies and anti-virus experts are down-playing the world’s first text message “worm” – one saying that people face a greater risk of dropping their phone or having it stolen.

The text message trojan Sexy Space, which invades phones and sends out messages from the contact book (at potentially high cost to the phone owner) hasn’t shown up in New Zealand yet.

The virus – so far invading phones in China and the Middle East – is nothing new, says Aaron Davidson, CEO of SimWorks, a mobile phone application and antivirus developer.

“Essentially, it’s just an application that pretends to be a good thing, when in fact it contains something it shouldn’t.”

He says users themselves are more of a threat to mobile phones than viruses. There was more chance of a phone being dropped down the toilet, or left in a bar or a taxi.

“What they’ve really got to be worried about is…just basically insuring against their own inevitable actions that will cause their phone to be dropped and broken open, stolen. I think this happens much more than anything else.”

The virus has been reported as being close to a botnetwork, because it has a remote control update mechanism which can alter the text message being sent from the infected phone.

Global internet security company F-Secure reported early this month it had identified the variously named Sexy Space/Sexy View/Yxe/Sexy Space, the first text message worm, in the Middle East and China.

phonemain2According to Symantec and F-Secure, the malware (also known officially as SymbOS.Exy.C, and shown at left, courtesy of Symantec) can affect smart phones that run on the Symbian operating system if the phone user unwittingly downloads and installs it.

Sexy Space only infects Symbian Series 60  third edition phones, such as LG, Samsung and Nokia,  including the popular Nokia N95.

The malware is distributed by suggestive SMS text messages which invite the phone user to download a link that advertises porn, but instead installs the virus on the phone.

Information is then collected and sent to pre-arranged locations, while numbers in the phone’s contact book are spammed with similar infective text messages – all sent at the cost of the phone owner.

F-Secure named three Chinese companies that were behind the release of the Sexy Space trojan, which was hidden inside an operating system application submitted to Symbian and digitally signed.

Symbian has removed the infected application from the market and revoked the authentication certification, but F-Secure says the settings in some phones will have to be changed manually to accept the revocation certificates.

The threat level is considered to be very low and not widespread, and it has not been reported in New Zealand yet.

The malware is believed to have been digitally signed through the vetting process of open-source mobile phone software developer Symbian, whose operating systems feature on just under half the world’s cell phones.

Mr Davidson says the Sexy Space mobile virus is not as concerning as previous viruses or malware that infiltrated New Zealand in 2004 and 2005.

“We continue to see infections of one sort or another, but not at the level that we saw in late 2004 and 2005.”

“When the earlier version of Symbion OS was very popular and there were lots and lots of phones being purchased that were using it, we saw a lot of Commwire going round that would transmit itself by MMS and by Bluetooth.

“But those phones have slowly but surely fallen out of circulation, providing a smaller and smaller group of infectable devices, and Symbion 9 has got much, much better security.”

Computer Virus Consulting’s Nick FitzGerald, Christchurch, says the primary motivation for all malware and viruses is to make money.


He says there has not been a huge proliferation of bad software and viruses on mobile phones because there is a huge range of operating systems and processor families.

There is little worth stealing from mobiles in New Zealand at this stage, unlike Japan where phones have smart chips enabling people to make purchases.

New Zealand mobile phone networks say they are aware of the viruses and are monitoring the situation for any future threats.

2Degrees spokesperson Bryony Hilless says they have processes in place to monitor the risks and deal with issues as they arise.

Telecom spokesperson Rebecca Earl advises customers to take care when downloading applications and files, and to do so from reputable sites.

Vodafone spokesperson Paul Brislen says Vodafone would warn customers on the network’s forums.

Most customers are pretty savvy and would know better than to open a dodgy text message with an unknown attachment, he says. But further steps may be necessary in future.

“We’re keeping a watching brief on cell phone-based viruses at the moment. We warn customers about them, but in the future it’s entirely possible we will have to roll out some kind of product or some kind of anti-virus capability.”

Sydney’s Peter Sparkes, spokesperson for Symantec, a global antivirus software company known for its Norton products, sells anti-virus and anti-spam solutions for smart phones.

Asked whether a mobile phone network should be responsible for protecting customers from viruses, malware and other malicious threats, SimWorks’ Aaron Davidson says everybody feels that it is the mobile operator’s responsibility.

“But…we don’t think that it’s our ISPs’ responsibility to protect us from viruses, and there is no difference between those two types of companies. They’re both exactly the same. They provide network services to devices that we own.”

He says this may have something to do with the level of attachment people have to their mobile phones.

Some mobile virus history

  • June 2004 Cabir (first variant): First ever mobile phones virus discovered spread only by bluetooth. A proof on concept virus.
  • August 2004 Mosquito: Embedded in a cracked version of the game Mosquitos downloaded from file sharing websites.  Sends text messages to a premium rate number.
  • November 2004 Skulls: A malicious Trojan that replaced the system apps with non-functional versions with pictures of skull and cross bones disabling some application of the phone.
  • December 2004 MGDropper: A Trojan horse that replaced applications and also installed the Cabir virus.
  • January 2005 Locknut (Gavno): Alleged to have disabled calling functionality when installed.
  • March 2005 Commwarrior: The first virus that could replicate itself over text message by sending text messages to other users was also capable of spreading by Bluetooth.
  • March 2005 Cabir: New Zealand became the twenty-second country to be infected by the malware spread by Bluetooth.
  • March 2005 Dampig: A virus which disabled some application including Bluetooth, infected phones needed to be disinfected before infected applications could be uninstalled.
  • March 2005 Mabir: A worm which spread through Bluetooth and text message.
  • December 2005 Drever: Trojan disabled the automatic start-up up antivirus software on handsets.
  • April 2005 Fontal destroyed data and installed a corrupted font file causing the device to fail after being switched on.
  • May 2005 Cabir: Variants of the virus were sighted in 20 countries.
  • September 2005 Cardtrap.A: Disables most of the phone built in applications and installs Windows worms Win32 on to the memory card.  Alleged to be able to migrate from mobile to PC.
  • November 2005 PbstealerA: Reported to copy information from the infected phone and transmitted data to nearest BlueTooth.
  • April 2006 StealWar.E: A Trojan that dropped 3 other viruses: Commwarrior, Pbstealer and Cabir.A spread via Bluetooth.
  • April 2006 RommWar: Trojan installs malfunction software which caused phones to freeze.
  • February 2009 Sexy View: Installed after following link in text message.  Was digitally signed.  Installs a Trojan that collects data and sends to another location, also attempts to send text messages to phone numbers.
  • February 2009 Sexy Girls: Was digitally signed. Variant of SexyView has similar characteristics.
  • July 2009 Sexy Space: Variant of Sexy View and Sexy Space behaves the same way as the previous ‘sexy’ viruses.

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

is a Whitireia Journalism student.
Email this author | All posts by

Leave Comment

You must be logged in to post a comment.

Radio News