The War On Malware Goes Mobile

Remember the good old days, when your only concern about issuing and managing cell phones and PDAs was that someone would leave theirs in a taxi or on an airplane? Now viruses and mobile malware have reared their ugly heads, further convincing IT departments that BlackBerrys, cell phones, laptops, and PDAs must be locked down with as much vigor as back-end systems. The result is a slew of mobile data security options that include mobile encryption and even a kill switch for data should it fall into the wrong hands.The latest version of Credant Technologies' Mobile Guardian Enterprise Edition, introduced earlier this week, includes a poison pill that administrators can set up to wipe data from mobile devices if they're stolen. It can be sent down as a policy over the network, or as a set of preset rules. Unfortunately, there's no truth to the rumor that holding a Mobile Guardian-enabled phone to your ear can likewise erase unpleasant memories of your daughter's new boyfriend or your spouse's recent shopping extravaganza.

Version 5.1 of Credant's software does let users encrypt data files sent to or from mobile devices via E-mail or IM. Companies can use the software to generate policies regarding the type of data that can be shared with, and stored on, mobile devices and whether that data is encrypted. Mobile Guardian Enterprise Edition then downloads a software agent, which Credant calls a "shield," onto the mobile device to enforce corporate mobile data security policies. The Credant 2GO feature in version 5.1 lets users encrypt specific files, such as a PowerPoint presentation, on a USB storage drive and then access that presentation from any PC into which that drive is later connected. And this latest version supports the Windows Mobile 5 and Symbian operating systems.

Credant is far from alone in its attention to mobile security. Mobile Armor LLC earlier this week introduced mobile data security software and services that work with BlackBerrys, cell phones, laptops, and PDAs to deliver and manage security policy, encrypt data, provide a mobile firewall, scan for viruses, and create secure VPN connectivity. Trust Digital likewise is set to introduce the latest version of its software for securing data that resides on mobile devices. Trust Digital 2006 includes data encryption and policy management capabilities.

People have been losing cell phones and other mobile devices for years, so why all the fuss now? For one thing, these devices are increasingly likely to contain valuable enterprise data as today's workforce is encouraged to work from anywhere they happen to be. For another, mobile viruses have become a growing menace to road warriors and the administrators responsible for securing those devices.

Anti-virus researcher and software provider Kaspersky Lab in late February reported the debut of RedBrowser.a, a Trojan targeting mobile devices. Kaspersky noted that RedBrowser.a is the first malicious program that infects not only smart phones, but any mobile phone or device capable of running Java 2 Micro Edition, or J2ME. RedBrowser.a pretends to be a wireless access protocol-enabled browser that offers free WAP browsing using free SMS messages to send the WAP page contents. RedBrowser.a can be downloaded to a victim's handset via the Internet (from a WAP site), Bluetooth, or a personal computer. The Trojan then installs code that sends out text messages to premium-rate phone numbers in Russia, with the users charged $5 to $6 for each message.

Before you cancel your cell service and dust off your rotary phone, it should be noted that Kaspersky Lab has only received one sample of RedBrowser.a, which targets subscribers of Beeline, MTS, and Megafon, Russia's major mobile service providers. The social engineering texts used in RedBrowser.a are in Russian, which limits the Trojan only to Russian-speaking countries. But companies shouldn't be fooled into thinking that mobile users outside of Russia are less susceptible to a similar ruse.

Another mobile virus called "Crossover"--this one held in captivity by the mobile device malware researchers at the Mobile Antivirus Researchers Association--surfaced in February as the first malware able to infect both a Windows desktop PC and a PDA running Windows Mobile for Pocket PC. Crossover can move from a Windows PC to a handheld device as soon as it detects a connection using Microsoft's ActiveSync synchronization software. When running on a portable operating system, it will erase all the files in the My Documents folder and copy itself to the startup folder.

Fortunately, Crossover is a proof-of-concept virus, meaning it wasn't released into the wild and therefore isn't a widespread threat. But the very thought that hackers are focusing their attention on mobile devices, and that vendors are bringing an increasing number of mobile security products to market, indicate it's only a matter of time before the war on malware spreads to a wireless theater of battle.