Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

1/7/2009
03:09 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Fortinet Protects Against 'CurseSMS' Mobile Attack With New Version Of FortiCleanUp Tool

FortiGuard Global Security Research Team releases new version of its FortiCleanUp tool to block and disable the remote SMS/MMS DOS attack

The FortiGuard Global Security Research Team released a new version of its FortiCleanUp tool to effectively block and disable the remote SMS/MMS Denial of Service attack publicly known as "CurseSMS".

Fortinet's FortiCleanUp is a range of free tools running on SymbianOS S60 powered phones, designed to remove and disable specific mobile malware and their related variants.

The "CurseSMS" attack is a remote SMS/MMS denial of service, recently discovered by Tobias Engel, and disclosed at CCC. The attack consists in sending a maliciously crafted SMS to the potential target. Upon reception of the malicious SMS, the targeted device may no longer be able to receive any further SMS or MMS messages, its messaging system thereby effectively becoming deaf. Depending on the operating system version, this state may persist until the device is factory reset.

Potentially vulnerable devices are Nokia phones running SymbianOS S60 2nd Edition Feature Pack 2, 2nd Edition Feature Pack 3, 3rd Edition, and 3rd Edition Feature Pack 1. This includes several phones of the "N" series up to the N95 (eg: N90, N92, N93, etc...) and of the "E" series up to the E90, as well as older models such as the 6680. For a list of potentially vulnerable phones, please see below..

Solutions:

Fortinet's FortiGuard team provides free licenses of its FortiCleanUp tool, for users to protect their mobile devices against the "CurseSMS" attack, or/and to recover from it in case it has already struck; the latter is achieved by automatically removing malicious SMS messages that hamper handset functionality.

Beyond CurseSMS's case, the FortiGuard team recommends the installation of Fortinet's FortiClient Mobile on mobile devices, for light-weight, yet complete real-time protection against mobile threats (including but not limited to CurseSMS). FortiClient Mobile is available for SymbianOS S60 and Windows Mobile powered platforms. It provides users with unified security agent features, including SMS antispam, data encryption, call filtering and real time antivirus protection.

Potentially vulnerable handsets, in alphabetical order:

* Nokia 3250 * Nokia 5500 Sport * Nokia 5700 XpressMusic * Nokia 6110 Navigator * Nokia 6120 Classic * Nokia 6121 Classic * Nokia 6124 Classic * Nokia 6290 * Nokia 6630 * Nokia 6680 * Nokia 6681 * Nokia 6682 * Nokia E50 * Nokia E51 * Nokia E60 * Nokia E61 * Nokia E62 * Nokia E63 * Nokia E65 * Nokia E66 * Nokia E70 * Nokia E71 * Nokia E90 Communicator * Nokia N70 * Nokia N71 * Nokia N72 * Nokia N73 * Nokia N75 * Nokia N76 * Nokia N77 * Nokia N80 * Nokia N81 * Nokia N81 8GB * Nokia N82 * Nokia N90 * Nokia N91 * Nokia N91 8GB * Nokia N92 * Nokia N93 * Nokia N95 * Nokia N95 8GB Note that this list may not be exhaustive.

Disclaimer:

Although Fortinet has attempted to provide accurate information in these materials, Fortinet assumes no legal responsibility for the accuracy or completeness of the information. More specific information is available on request from Fortinet. Please note that Fortinet's product information does not constitute or contain any guarantee, warranty or legally binding representation, unless expressly identified as such in a duly signed writing.

About Fortinet ( www.fortinet.com ):

Fortinet is the pioneer and leading provider of ASIC-accelerated unified threat management, or UTM, security systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection--including firewall, antivirus, intrusion prevention, VPN, spyware prevention and anti-spam -- designed to help customers protect against network and content level threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified in six programs by ICSA Labs: (Firewall, Antivirus, IPSec, SSL, Network IPS, and Anti-Spyware). Fortinet is privately held and based in Sunnyvale, California.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-30481
PUBLISHED: 2021-04-10
Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.
CVE-2021-20020
PUBLISHED: 2021-04-10
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.
CVE-2021-30480
PUBLISHED: 2021-04-09
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat softw...
CVE-2021-21194
PUBLISHED: 2021-04-09
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21195
PUBLISHED: 2021-04-09
Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.