SmartPhoneToday


Kaspersky Targets Mobile Malware

By James Alan Miller
June 28, 2005

The advent of smartphone viruses and Trojans means your smartphones and PDAs, the data on them, and the enterprises they are connected to are no longer as safe as they once were.

With that in mind, security vendor Kaspersky Lab has updated its handheld protection suite to version 5.5, adding a new user interface among other improvements to the cross-platform application.

Kaspersky Security for PDA ($15.95) supports Windows Mobile handhelds and smartphones plus Palm platform devices.

The company says the upgrade delivers better virus detection and disinfection than before, with an antivirus database that you can set to automatically download onto your handheld as it's updated. A new antivirus monitor tracks application activity in real time—in internal memory and on expansion cards—to prevent malicious code from executing. Encryption is leveraged as an added layer of protection.

Antivirus vendors discovered the first malware in the 'wild' last June. Since then, a lot more—mostly targeted at Symbian smartphones—has been set loose on the wireless community.

As Kaspersky Lab Senior Technology Consultant Shane Coursen pointed out to PDAStreet, “Since the discovery of Cabir one year ago, there are now close to 100 malicious programs targeting PDAs and smartphones. Today’s mobile operating systems are very insecure and users must protect themselves as mobile devices gain wider acceptance and become targeted by the hacker community in the same way that PCs are today.”

The Cabir virus finally found its way to the U.S. back in February. The original virus, Cabir.A, has spread in the wild throughout Europe and Asia since its writer posted variants on a Web page last June.

It was capable of spreading from smartphone to smartphone, but only with each reboot, which effectively limited the possibility of causing a widespread outbreak. Subsequent variants haven't been subject to reboot restrictions, however, and may spread to as many phones as are within range.

Mobile Malware Highlights

June 2005
Skulls.L worm is capable of disabling smartphone features by deactivating messaging, net access and other applications. Once this occurs the application icons on the phone are replaced with pictures of skulls.

March 2005
The first virus to spread itself through Multimedia Message Service (MMS) messages is discovered. CommWarrior.a sends itself to any Symbian Series 60 phone worldwide by piggybacking on an MMS message.

January 2005

  • Gavno.a hit handsets hard. This malware severely disrupts the functioning of a Symbian phone to the point where the handset can no longer make calls. Earlier threats (e.g. Skulls, Cabir, and Gear) only affected higher-level systems. It uses a similar technique to the previous month's SEXXXY malware, which disabled just one button on a phone.

  • A second version of Gavno, Gavno.b, features a slightly larger install file to bundle a copy of the Cabir and Camtimer Trojans. As a result, Cabir attempts to send a copy of Gavno and Camtimer to other nearby Symbian phones via Bluetooth.

December 2004

  • New variants of the Cabir virus (one of the first mobile viruses), Cabir.H and Cabir.I, fix a flaw that slowed the previous Cabir malware from spreading rapidly. The original Cabir, dubbed Cabir.A, moved to only one new phone with each reboot. But the newer versions do not have the same restrictions, and appear capable of spreading to an unlimited number of phones per reboot.
    (For more, see New Cabir Variants are Spreading Fast)

  • METAL Gear.a encourages smartphone users to install itself by masquerading as the Symbian version of the popular Metal Gear Solid game. The trojan is the first malware to target Symbian security software to disable specific anti-virus and file browsing applications.
    (For more see Trojan Targets Anti-Virus Achilles Heel)

November 2004

  • Skulls, at the time a relatively low-impact but threatening virus, pops up on some Symbian OS smartphones. The malware, which overwrites application information and icon files (AIF) on the device's C: drive with an icon of a skull-and-bones image, was found at some Symbian shareware download sites under the filenames "Extended Theme Manager" and "Tee-222" with a Symbian OS Installer file (.sis).

    (See Security Update: Skulls Hit Symbian Phones)

August 2004

  • The first Trojan aimed at Symbian smartphones turns up embedded in a cracked (illegal) edition of Ojom’s game Mosquito. So the only way to become infected with Mosquito was to knowingly or unwittingly download illegal software.

    Mosquito becomes activated when you launch the pirated game, whereupon it copies itself to the system/apps/Mosquitos/ folder on the smartphone and then sends SMS messages out in the background at premium rates while the game is being played.
    (For more, see Beware of Greeks Bearing Gifts)

    A few days later...

    The saga of the first Trojan Horse for Symbian smartphones takes a twist worthy of Homer's epic poem the Iliad, as it becomes apparent that the perpetrator is the developer of the infected game itself. Ojom placed the Trojan in the game Mosquito as a form of copy protection.

    So if a "cracked" or illegal version of the game was developed or Mosquito was played on an unregistered smartphone, the Trojan dialed a specific number silently in the background—sending an SMS message notifying the company. Although it worked as planned, it backfired too, as a number of legitimate users were affected.
    (See Mosquito Trojan Bites Developer Back)

  • A trojan aimed at Pocket PCs called Backdoor.Brador.A or WinCE.Brador appears, and is received by victims as a disguised e-mail attachment. When launched, the malware lets its creator control the infected Pocket PC and all the data on it the next time a user connects to the Web. Specifically, the worm identifies the machine's IP (Internet Protocol) address and sends the information to the virus developer.
    (For more, see Mosquito Trojan Bites Developer Back)

June/July 2004

  • The first two known cases of malware for mobile devices—one for Symbian smartphones and the other for Pocket PC PDAs and phones—appear a little over a month apart. Members of 29a, an international group of programmers that specializes in “proof-of-concept” viruses, develop both.

    So EPOC.Cabir (Symbian) and WinCE.Dust (Pocket PC) were developed not to create havoc but to prove that malicious code for handhelds could be generated.

    First comes Cabir in June, which is disguised as the Caribe Security Manager utility—part of a Symbian smartphone's security software. When launched, the worm made the smartphone's screen display the inscription Caribe.

    The worm then penetrates the system and is activated each time you start your phone. It also scans for other phones using Bluetooth to send out copies of itself. The initial malware Trojans appeared to be based on this initial "proof-of-concept" creation.
    (For more see, Worm Hooks Symbian Smartphones)

    Next comes WinCE4.Dust for Pocket PC handhelds and phones. The malware writer only sends the virus to anti-virus vendors, claiming that it, like EPOC.Cabir, was created to show that a Pocket PC virus could be developed and spread. Also, unlike malicious worms, WinCE4.Dust asked the handheld owner if it could spread itself.
    (For more, see First Pocket PC Virus Uncovered)

    You can find mobile security guidelines in the following articles:

    --Handheld Security: Part V - Enforce Policies, Keep Network Safe

    --Handheld Security: Part IV - The Mobile VPN

    --Handheld Security: Part III - Evaluating Security Products

    --Handheld Security: Part II - Understand Vulnerabilities

    --Handheld Security: Part I - Learn the Basics

    --Top 10 Items You Shouldn't Allow on Employee Unprotected PDAs (and what to do about it)


