The worm, which is known as "Sexy View," has a valid certificate signed by Symbian, and it installs as a valid application. Once installed, the malicious program sends information like the serial number of the phone and contact information to a remote server. The worm propagates by sending SMS messages to those in the contact list with a malicious Web address. If the receivers click on the URL, they also become infected.
The worm primarily targets handsets running Symbian OS S60 3rd Edition, but it can also affect devices running Symbian OS S60 3rd Edition Feature Pack 1, like the Nokia N73.
"As far as our analysis goes, the worm currently does not take commands from the remote servers it contacts," said Guillaume Lovet, FortiGuard's senior manager, in a statement. "However, since the copies hosted on the malicious servers are controlled by the cybercriminals, they may update them whenever they want, thereby effectively mutating the worm, adding or removing functionality. We're really at the edge of a mobile botnet here."
FortiGuard has notified Nokia and various carriers of the worm, but there was no word at press time if there is an official patch from the handset maker or from mobile operators. FortiGuard sells a mobile antivirus that can protect from the worm.
This is the third mobile malware that has targeted Symbian in the last few months, as one exploit stole money from users' accounts, and another crashed a phone's messaging system. The exploits do not point to an inherent security flaw in Symbian, but attackers are bound to target the OS because it is the most widely used smartphone OS in the world.
What are the five best practices for smartphone support? InformationWeek has published an independent analysis of this topic. Download the report here (registration required).