Kaspersky Lab Announces its Third Review of Mobile Malware Evolution

Kaspersky Lab, a leading developer of secure content management solutions, announces publication of the third edition of "Mobile Malware Evolution".

This article is a continuation of previous publications which surveyed malicious programs targeting mobile phones and smartphones. The article is authored by Kaspersky Lab’s leading experts: Alexander Gostev, Director of Global Research and Analysis Team, and Denis Maslennikov, Mobile Research Group Manager.

It has been almost three years since the second review on mobile malware was published. Since then, mobile devices have evolved significantly. There is no clear leading operating system for mobile devices: Symbian, the former leader, has lost ground to Windows Mobile, BlackBerry, the mobile version of MacOS X and other platforms. The situation differs dramatically from the desktop market, which is dominated by Microsoft Windows.

Give the absence of a single leading mobile operating systems, virus writers have realized that it is impossible to conduct an attack which targets the majority of phones and smartphones. This had led them to implement cross-platform technologies in malware so that mobile threats can affect devices running under different operating systems.

For example, Java 2 Micro Edition Technology (J2ME) has become widely used in creating mobile malware as it allows Java, a platform-independent language, to run on mobile devices. J2ME is supported by virtually all modern mobile phones and smartphones.

In the three years since the previous mobile malware review was published, the amount of J2ME malware detected by Kaspersky Lab has more than tripled. J2ME malware now accounts for 35% of all malicious programs detected by Kaspersky Lab, surpassed only by malicious programs for Symbian which make up 49% of all mobile malware.

Over the last three years, the number of all mobile threats detected by Kaspersky Lab has doubled. This demonstrates that the growth tendency seen in 2004–2006 still continues.

The authors provide an overview of the new technologies and methods that have quickly gained popularity with mobile virus writers, such as malware which copies itself to memory cards, downloading extra modules from the Internet, spy functions, corrupting user data, polymorphism and disabling protection methods integrated into the operating systems.

Over the last two years, the most common behaviour exhibited by mobile malware has been to send expensive SMS messages without the user’s knowledge. Programs which exhibit such behaviour are called SMS Trojans. These Trojans often employ sophisticated tricks to get the user to press a key and send a message.

SMS Trojans typically spread via WAP portals that offer a range of software and media content for download. Most SMS Trojans are disguised as applications offering free SMS service or web access, or as erotic or pornographic content.

The article also describes the vulnerabilities in mobile phones and smartphones that get exploited most often, and reviews several recent virus incidents. The latest tendency has been for mobile malware to be deployed in a way similar to PC malware, aiming at local targets rather than provoking global epidemics. Russia, China, Indonesia and Western Europe are the regions where mobile malware poses the greatest threat.

The authors predict that mobile devices gain in popularity, which will result in increased cybercriminal attention, increased malicious activity and profit, and a corresponding increase in the amount of mobile threats. However, smartbooks may in time become a more attractive target for malware attacks than smartphones. On the other hand, the implementation of x86 processors in home appliances could increase the potential for malicious attacks to unprecedented levels.

The full version of Mobile Malware Evolution is available here: www.viruslist.com

The material can be reproduced provided the author; company name and original source are cited. Reproduction of this material in re-written form requires the express consent of the Kaspersky Lab PR department.