First Symbian OS virus to replicate over MMS

Shachaf writes "A new virus, CommWarrior.a, is the first to replicate over MMS (Multimedia Message Service). From the article: 'Multimedia Message Service (MMS) is a more advanced version of the Short Message Service (SMS) familiar to users of GSM based handsets around the world, and allows rich content such as pictures, sounds, video, and applications to be sent as well as text.', and '"With MMS messages typically costing between $0.25 and $1.00 CommWarrior could prove expensive to anyone unlucky enough to be infected by it. As the virus runs silently in the background it could be quite some time before the user becomes aware of the potentially hundreds of MMS messages that have been sent," said Aaron Davidson, CEO of SimWorks.'"

another good reason to have a simple cellphone

[Anonymous Coward]

All of my coworkers laugh at me for using such a simple phone with only basic features and services. Guess there are some benefits afterall.

Liability

[Thnikkaman]

I wonder if this falls under the protection of the service provider. It seems to me that they shouldn't be able to charge the user for a vulnerability on their part, but what companies should do and what they actually do are very different things.

Re:It's a bit offtopic, but..

[hsmith]

Why? Because it is PURE profit right now, if everyone is charging the same, they all can milk users while they can. One day it will be competitive, right now they all "agree" to keep prices high to rip off users. Do you really think SMS messages cost the $.20 they do to send? of course not. $.01 would be expensive still.

Wow!

[FreeLinux]

What a remarkable "coincidence".

I never put any credence into the ativirus companies writing viruses conspiracy theories but, that one's just too fishy.

Re:Eh..

[plover]

If I had a phone like this and it was infected, and it ran up a huge bill, I'd first talk to my service provider. If they refused to waive the charges, I'd then talk to the cell phone manufacturer.

Seems like the cell providers could kill this quickly. Can't they recognize the virus signature in the messages that are transmitted? And can't they trace them back through the links to find out where it originated? Are there really holes that big allowing people to upload crap like this anonymously?

Should this cost consumers?

[junkcannibal]

It seems to me that since most people get their phones for free when they sign up for a plan, the cell phone companies should bear the cost of this virus. This cost will inevitably be passed on the the concumers. My point is that it should be the responsibility of the cell phone companies to keep their products and their networks free of viruses. Dwight Yokel BEEP BEEPING his neighbor in the next trailer over, should not be expected to pay and money or attention to this sort of concern or worry about extra charges on his bill because his cell phone company runs a flawed service.

Re:Liability

[hikerhat]

I was thinking the same thing. It should be like a credit card, where you aren't liable for more than $50 or so of fraudulant charges if you card is stolen.

But my cell phone is about 5 years old now, so I don't have to worry about these things.

Re:It's a bit offtopic, but..

[Turn-X Alphonse]

the current price is what 12 year old girls find acceptable... they are happy to pay it so why reduce profits?

Re:If the virus sends a relatively uniform...

[plover]

It's not in the short-term best interests of the cellular providers to block the virus. First, it involves acknowledging the virus exists, which tends to scare people. Next, and here's the cynical greedy part, people who blindly pay their cell phone bills every month without complaint make up a large part of their customer base. If they can make a few million dollars off the virus, where's the incentive to shut it down? Willingly give out reimbursements to anyone who complains, but let the rest of them just continue to fork over cash.

Sorry to be so cynical, but I just see these "services" (and all cell phone costs) as tremendously overpriced. It's just data. The bandwidth has a fixed cost (it's just the sum of maintenance, capital investments, marketing, etc.) Throw in 10% or 20% over cost for a profit margin, and call it done. But no, they have to have "minutes" and "plans" and "packages", all of which are expressly designed to mislead the buyers into spending as much money as possible, regardless of the amount of "service" they "consume." And we, the sheeple, consume it readily.

Re:That sucks, yeah, but look at the bright side!

[cayenne8]

Can someone clue me in as to what this SMS and messaging is all for?? If you have a phone...why send text messages over it? It's a phone...call and talk to them....??

Kind of depressing isn't it?

[hey!]

I mean, the RFCs for MIME came out, what twelve years ago? Injudicious MIME implementations have been vectoring trojans ever since.

So, you'd think they'd have taken a lesson from a decade of history and limited the power of multimedia attachments.

Re:another good reason to have a simple cellphone

[dapsie]

You do realize that you have to accept the file and confirm that you wish to install the application? It doesn't spread without actually being installed. The same with the BlueTooth "viruses", first you have to accept the Bluetooth connection - then you have to accept to install the file that was sent to you. No different than eMail viruses nowadays, if you get one - you're an idiot, sorry :p

Re:another good reason to have a simple cellphone

[gl4ss]

1: you can keep the mms settings off - there by being immune from this.
2: you need go through the installing of the application yourself.
3: when installing it warns you that it is not signed and potentially unsafe.
4: you could get one of the antivirus solutions which mostly are snakeoil(because if you are smart enough to install one.. wouldn't you be smart enough to NOT click through the install?).

the way this is most probable to spread is by intentional spreding by some kids, like other symbian 'viruses'(they're all programs that you have to click through the install by yourself) it's almost impossible to bump into this by total accident in the wild.

what's to note is that these symbian phones are open in the same sense a pc is - ANYONE can develope anything they want for them(and they're STILL more secure than a pc with the modem plugged to the wall). including you! if you're a nerd you should appreciate that possibility, if you're not wtf you're doing on slashdot anyways?

Customers pay, and they should.

[huge]

Doesn't really seem right to charge users for something like that, espicially the less savvy who might not know-any-better.

I think this should be considered to be no different to internet connection. In this context I'd like to say "PC /w internet connection" == "Mobile".

If you have a internet connection for which you pay per used bandwidth and you get a virus, do you get refund? You get 0wned and someone uses you as a spam relay, you get black-listed. Should you get refunded?

No. You should make sure that you have up to date AV running and you have firewall installed and configured. Even if the terminal is more widely spreaded than the internet connections are, and to even more clueless users, it's up to users to make sure that their system is secured.

Yes, there are ISPs which disconnect infected clients from their network and will not forward virus infected emails, but some of them don't care.

Of course there will be companies to provide AV and FW applications. Of course they wont be free. But then again, who can blame them. If you want to get it for free do it your self, GPL it and make sure that everyone can enjoy it.

Re:That sucks, yeah, but look at the bright side!

[ambrosen]

Why send texts? Because it doesn't require all the "Hi, how are you?, How's the weather"..."Bye, nice talking to you, see you soon" effort, and it doesn't interrupt the flow of what either of you were doing.

But you knew that anyway.