
New Virus Bombards Mobile Phones With Junk Calls

Wolfe writes: "We knew it was only a matter of time before something like this happened ... I can't wait until our lives and households are completely wired and some jerk sends a virus to my toaster or hacks the coffee machine." Similarly, crovax writes: "A new virus that spams mobile phone users is out. Check out the story here. This virus that has only been reported in Spain infects a computer then starts generating random mobile phone numbers." I'd hate to be on the Washington Beltway when this hits the D.C. area!
This discussion has been archived. No new comments can be posted.

  • You don't seem to understand how viruses really run. It's not a matter of whether something can send mail or not, it's a matter of whether an incoming mail can have code in it that will cause the host to send mail without the user's permission.

    Actually, the viruses afflicting Outlook can only run if the user chooses to run them. The problem is that no warning is given the user, and it's so easy to do.

    Java, on the other hand, automatically denies any script, or any code downloaded from the network, the privileges to do anything remotely dangerous. If the applet or other piece of code requests permission to do so, the user is given a clear warning that it is dangerous to permit it. And practically speaking, it is actually quite a bother to even ask the user for these permissions-- Java's security model is almost too strict. In the long run, though, that's probably best.
  • Basically this is the beginning of a Virus that could have a direct and expensive impact on a large number of people.

    There have already been viruses along those lines. Anyone remember the trojan horse program that silently reassigned the dialup number Windows used to be an overseas ISP? Infected people were getting *huge* phone bills.

    Does anyone recall any more specific information about it?

  • I can't find the reference, but I'm sure I heard about a new virus which caused the modem to dial 911. Now that is evil.

    I'm just waiting till one of these things is written to DDOS a specific target. If it's Microsoft, maybe we'll actually see some security improvements then. If the imaginations of virus writers keep growing we could see all kinds of weird shit happening. Viruses sending spam, running a seti@home client, mailing documents to random people.

    In the meantime, I think I'll hold off on the web enabled fridge / oven / phone etc. This winter I'll have enough real viruses to deal with.

  • From the Yahoo link :
    In addition, the worm sends a message to a so-called short messaging service (SMS) gateway that converts text messages to voice and sends them to mobile phone users.
    SMS does not convert text messages to voice. SMS only does text (and only text) messages.

    (my A$0.02)
    Patrick
  • by orpheus ( 14534 ) on Tuesday June 06, 2000 @07:52PM (#1020449)
    I absolutely agree that it's important to make the distinction between virus, worm, trojan, etc., it would cut down on confusion, and encourage more background understanding of computers in general.

    However, I think it's funny that you suggest "pathogens". In medical school, we had the same problem with distinctions that were generally important (bacteria, protozoa, viruses, worms, other parasites, etc.), but which could be cumbersome when speaking generically. 'Pathogen' wasn't always appropriate either (the same species can be a pathogen in one site, and normal flora in another).

    Do you know what we call them, collectively, in the hospital? Bugs.

    "Hmmm... Computer bugs?" No, that's already taken...

    -------------------
    All right, who's the wise guy who /.'d the New England Journal of Medicine website tonight? It's up, but it's boggy as hell.
  • This story is already being reported on the BBC as "a virus that infects mobile phones". Well, what's next, infected fax machines and telephone answering systems? As soon as technology is published, someone is trying to crack and abuse it. This is an old story. To paraphrase Dilbert, the designer of any hackable technology has to pit his wits against the collective urges of millions of idle young minds.

    The spate of email viruses is just, IMHO, a consequence of the Microsoft monoculture. Systems tend to evolve checks and balances, and computer viruses appear to play a fairly meaningful (if destructive) role in ensuring some kind of diversity.

    So, roll on the first true mobile-phone viruses. I predict that the first mobile phones to run the-OS-formerly-known-as-Windows-CE will be the easiest targets. My voice-activated GSM already makes silent phone calls whenever a car drives past, unless I lock the keyboard. Expect many very expensive unwanted calls to numbers in third-world countries.

    A computer virus can do unquantifiable damage to a system. Who can you sue? The long-distance calls made by a mobile-phone virus will be much easier to quantify. When the first major mobile phone virus wave hits, expect class-action lawsuits by the thousands of phone users affected. Ralph Nader, where are you?

  • Seriously, I don't think I've ever seen vbscript in a word doc or email that wasn't a virus. I guess that's innovation for you.

    I regularly use VBScript in my Word documents, but rarely for much more than automated paragraph formatting. But I agree that some of the stuff you can do with VBScript these days is *scary*.

    It's a pity Microsoft didn't put more consideration into security issues when they expanded from Wordbasic to full VBScript - now they have the situation where they have to keep releasing patch after patch to try and plug each new security leak.

  • Imagine what computer intrusion will be like when those peripherals that "play" smells gain wide market acceptance. Every 15 year-old script kiddie's mouth will water at the chance to make some unwary user's machine smell like a portajohn--using BackOrifice, of course!
  • YOU'D hate to be on the beltway?! I LIVE IN DC, how do you think I feel!!!

  • ...to clue politicians in.

    I don't believe any politician is particularly affected by email spam: they typically have front-end staff that filter the mail.

    I don't expect they have the same setup for their personal cellphone.

    The *ONLY* way that the laws about spam will change is when spam starts hurting politicians. The anti-spam SIGs are just not glamourous enough to garner attention from the politicos.

    Anti-spam SIGs that protest baby seal clubbing, maybe they'd get the attention...


    --
  • The Telefonica virus uses an HTTP-based message gateway. These are extremely common in Europe, and most of them have "spam checking", e.g. will not send two identical messages within a given time. Search Google for "free sms" to find these (usually ad-financed) services. Some of the more sophisticated gateways want username and password. The Telefonica virus generates random (Spanish) mobile phone numbers. (Here in Europe, cellphones have distinct area codes. In Germany, e.g. 16x and 17x are used or reserved for cellphones.)
    Walter
  • Not true

    You can SMS someone without using an email gateway - you just need a modem and a dialup that lets you send SMS.

    There are packages available for this already.

    Also, companies like SMS-WAP.com let you send a message to a large number of randomly generated numbers.

    -Ciaran
  • When you can have a script that actually sends you some useful stuff on your cellphone? Check out the script in my sig...

    Anyway, this was bound to happen, with all the SMS gateways springing up everywhere. Does anybody know of global SMS gateway sites besides Quios [quios.com] ? I was trying yesterday night to get my slashsms.pl script to work with it, but they use a very clever method to spoof the location of their cgi for every session, and I didn't have the time to work around it.
  • Well...
    That sucks. I get money (not much) when somebody calls me on my mobile, so every telemarketer can happily call as long as they don't require me to listen.
    Now SMS is quite another thing that would be really annoying. Not that I've had a friend that DoS'd my phone. Not... Not really. Well, you can still call with it and any incoming SMS just gets delayed, so it's still usable but clearly annoying.
    Anyhow, receiving SMS doesn't cost any money either.
    Get another mobile phone company.

    But since I'm in Sweden I don't know how it is in the States. However I've heard some wild stuff. Like this... Well...
  • What? Like it can get any worse?


    Transit time in California is bad because you have to go far.


    Transit time in DC is bad because the traffic FSCKING SUCKS!!!

  • It was a month or so ago, when I received this SMS message on my mobile:

    TELSTRA, OPTUS AND VODAFONE NOW SUPPORT INTER-NETWORK SMS MESSAGES. FORWARD THIS MESSAGE TO 15 PEOPLE AND YOU WILL GET $20 CREDIT ON YOUR NEXT BILL.

    I didn't know whether to laugh or cry.
  • Holy bejeesus this sucks. I'm so tired of reading stupid haiku, and it _still_ gets moderated up. It was funny the first couple of times, then it was kinda boring, but now it's just plain annoying. Making up some random haiku is not funny any more.

    Gfunk
  • i wouldn't want to be on the beltway to begin with.

    (that's why i'm moving from 50 minutes away to 15 minutes away from my job in Reston. no I-495 for me, thank you.)


    ------------------
  • Eh, not bad really :) The real tough part is having to wear a suit, ugh, that's really not me... and the code base here is pretty nasty. All in all it's going okay, settling in...

  • Java, on the other hand, automatically denies any script, or any code downloaded from the network, the privileges to do anything remotely dangerous. If the applet or other piece of code requests permission to do so, the user is given a clear warning that it is dangerous to permit it...

    This is a problem waiting to happen. So users click on their friend's email attachment. The user is prompted

    The certificate signing authority /Arbitrary wishes permission to the following action: Permission to execute

    The end-user, knowing that they want to launch it, thinks this is silly, and just clicks "Permit"

    Then the user is asked from some obscure signer for permission to access the file system, to access other programs, etcetera. A large enough number of users will think this a nuisance, and just click "Permit" until their attachment runs.

    There has to be a better way. If perhaps we could pre-approve all local signing authorities, and refuse everybody's ability to "Permit"... but then one user who knows a little bit too much could spread a virus/trojan/worm through a corporation like wildfire.

    Maybe we should just give up, go back to the CLI and hand all our users manuals. It keeps the stupid people away.

  • you are obviously a clueless admin and should not be let near an NT box. Running your normal account with admin privs is wrong.

    Well, I don't normally bother responding to flamebait, but on this occasion...

    I'm not totally dumb. In addition to the corporate firewall I also run AtGuard (now part of Norton IIRC) which keeps an eye on any active content from the Web, and should also trap anything unauthorised that tries to send information back out. Also I don't run Internet Explorer, so the worst idiocies of ActiveX are not an issue for me.

    On top of that we also have a clued in administrator (I am not an administrator, I just look after my desktop box) who keeps our virus checker up to date and does threat monitoring on the servers. ILOVEYOU didn't get in here.

    Finally, I spent about six months trying to run with separate user and admin IDs, and believe me it just wasn't worth the hassle. There are so many little jobs, from defragging the hard drive to updating the IP configuration, that have to be done by an administrator. It's just too much trouble.

    Sure, it would be better practice to keep separate IDs. But this brings me back to my original point: the fact that I can't do "su" or equivalent means that NT is less secure than it might be because human beings (I am one you know) have better things to do with their time than save all their work, log out, log in, wait for Outlook to fire up, wait for Netscape to fire up, do whatever is needed, repeat.

    So, mister clueless pratt, what are you going to do now?

    Paul.

  • The next phase is a worm that posts flamebait to Slashdot from your account.

    (Wouldn't be so hard. The difficult part is finding the URLs for actual stories.)
    __
  • Hm, this now makes sense. This morning, my toaster burned "I Love You" into the back sides of my slices of toast. I pushed them back down to see if I could even out the crispiness, but then my phone rang, my blender started to spin, my faucets turned on, my fan went to high, and my dishwasher started ejecting my pots and pans. I tried to close the dishwasher door (to protect myself from the pans), but then my fridge spontaneously defrosted, the lights started flicking on and off, my car alarm went off, my radios and TV turned on and started switching channels, and my vacuum cleaner went wild, moving erratically across the floor. Finally I managed to grab a baseball bat and knock the X10 master out of its socket, and everything stopped.
  • "You know what's crazy? Majority rules. *THAT'S* crazy."


    Bad Mojo [rps.net]
  • Moderators, when you see the above comment, moderate it to +5, Hot Grits and Natalie Portman (Naked and Petrified)! The man deserves it!

    Thank you.

  • yahoo:"They also said the attack is relatively benign, as it does not destroy computer files..."

    microsoft:"The virus has a nasty payload, as well -- it attempts to delete all files on the victim's hard drive and performs several other operations that makes restoration difficult."

    what gives?
  • No, messages can't just magically appear on your phone but they can appear quite easily. You could easily create a virus that spams cell phones, for instance:

    AT&T uses "555-555-1234@mobile.att.net" where 555-555-1234 is the cell phone number and mobile.att.net is the email-2-mobile gateway. Most cell phones use their own exchange apart from the land line community phone exchanges. So, you store a few email-2-mobile gateway servers, store a few exchanges for each gateway and just spin through all viable numbers. Quite easy. This is sort of what the aforementioned virus does, just much simpler.

    I would think there would be a simple way to get around this too, maybe some cell phone companies already do this. Since the cell phone service providers are the ones that provide the cell-2-mobile gateway why not set up an access list for each cell phone. Usually, you don't use your cell phone as a main mail reader and composer, usually you get messages from a certain group of people. If a person trying to email your phone isn't on the access list, the gateway could simply email them a response telling them so and to send the message again or approve it for it to truly go through.

    I just hope that someone doesn't come up with a way to *voice* spam cell phones...

    Geoff
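
The two gateway-side controls described in this thread, the duplicate-message check Walter mentions and the per-phone access list with sender confirmation that Geoff proposes, sketched as an added example (not code from any commenter or carrier). The class, its method names, the 600-second window and every address are assumptions made for illustration.

```python
import hashlib
import secrets
from dataclasses import dataclass, field


@dataclass
class MailToSmsGateway:
    """Hypothetical email-to-SMS gateway filter; all names are illustrative."""
    dedup_window: float = 600.0                     # seconds (constructed value)
    allow: dict = field(default_factory=dict)       # recipient -> approved senders
    pending: dict = field(default_factory=dict)     # token -> held message
    seen: dict = field(default_factory=dict)        # body digest -> last time seen
    delivered: list = field(default_factory=list)   # stand-in for the SMS network

    @staticmethod
    def _digest(body):
        # Normalise case and whitespace so trivial padding does not defeat the check.
        return hashlib.sha256(" ".join(body.lower().split()).encode()).hexdigest()

    def submit(self, sender, recipient, body, now):
        """Return (verdict, token); token is set only when the message is held."""
        # 1. Access list: senders the subscriber already approved go straight through.
        if sender in self.allow.get(recipient, set()):
            self.delivered.append((sender, recipient, body))
            return "delivered", None
        # 2. Duplicate check for unapproved senders: identical text inside the
        #    window is dropped. The timestamp is refreshed on every sighting, so
        #    a steady stream of the same text keeps being dropped.
        digest = self._digest(body)
        last = self.seen.get(digest)
        self.seen[digest] = now
        if last is not None and now - last < self.dedup_window:
            return "dropped-duplicate", None
        # 3. Unknown sender, new text: hold it and issue a confirmation token.
        #    A real gateway would mail the token to the sender address, so a
        #    forged or unattended sender never completes the confirmation.
        token = secrets.token_hex(8)
        self.pending[token] = (sender, recipient, body)
        return "held", token

    def confirm(self, token):
        """Release a held message and remember the sender for that recipient."""
        msg = self.pending.pop(token, None)
        if msg is None:
            return False
        sender, recipient, _body = msg
        self.allow.setdefault(recipient, set()).add(sender)
        self.delivered.append(msg)
        return True


def demo():
    gw = MailToSmsGateway()
    # Constructed sample addresses and message text.
    phone_a = "600000001@gateway.example"
    phone_b = "600000002@gateway.example"
    gw.allow[phone_a] = {"friend@example.org"}
    worm_text = "constructed identical worm text"
    results = [
        gw.submit("friend@example.org", phone_a, "lunch at 1?", now=0)[0],
        gw.submit("pc1@infected.example", phone_a, worm_text, now=1)[0],
        gw.submit("pc2@infected.example", phone_b, worm_text, now=5)[0],
        gw.submit("pc3@infected.example", phone_b,
                  "  Constructed IDENTICAL worm text ", now=9)[0],
    ]
    return results, gw


if __name__ == "__main__":
    print(demo()[0])
```

Keying the duplicate check on message text alone will also drop two unrelated strangers who send the same short text within the window, which is why approved senders bypass it.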
  • When I had a pager I had 150 msg's included and then some sort of fee for every message above that. I don't have messaging on my cell phone because it's an extra $3 a month and people might as well call me. I haven't looked into the short messaging on the cell phone since it's a bit more extra than I want to pay considering they make me pay for all sorts of functionality that I don't ever use (call forwarding...)

    How do they know that they're sending the short message to a pager and not a cell phone? in the USA the numbers are all the same with no distinguishing characteristics. I'm not sure if the $3 is for unlimited or for a certain # of messages or what it's for, I'll have to look it up.
  • What is it with VBScript and viruses lately? I wish I could say that I'm reluctant to jump on the anti-MS bandwagon, but I'm not. It just seems like all of the recent computer "Pathogens" have been targeted at Micro$oft products.

    Clear implication: MS VBScript implements poor or no security. It's nice that there's a scripting language, but more time should have been spent ensuring that its use would not be a threat to users.

    -- Carl
  • I hate to make a trite post, but with a little perl scripting and everybody's friend Mr. Wakeup [mrwakeup.com], one could do an awful lot of damaging mischief with this sort of thing.
  • "New Virus Bombards Mobile Phones With Junk Calls"

    No, it bombards their cell phones with SMS (short for Short Message Service) messages, not phone calls. I wish slashdot article posters would pay more attention to what they are typing and read more carefully.

    Geoff
  • somebody else to finish this discussion and keep Zopilote informed.

    Alright, now that you understand the philosophical angle of the virus, you are prepared for random-walk theory. This may be some heavy reading.

    Random walk theory is based on the idea that any two people can be connected by going through six people, in a sort of link. You and Linus Torvalds are connected by:
    1. You flame JonKatz in one of his articles.
    2. JonKatz knows CmdrTaco.
    3. CmdrTaco knows Linus Torvalds.

    Now, random walk theory is the combination of the six item connection theory and randomness theory. Random walk theory states that given N items, it will take a randomly walking pointer 6N-5 or less jumps to get to all of them, given that all are linked to everything else. This implies that given a million node internet, it will take approx. six million emails to deliver a virus to every node. The thing is, when you run this through a GCC optimized sorting routine, it drops to a maximum of a million, or one jump per node. This implies that the massively interconnected structure of the internet is the perfect medium for a virus to be transmitted.

    Now, percolation theory. Percolation theory relates to the chance of a certain event developing in a chemical reaction, given all of the factors present. The current percolation constant (experimental derivative from the percolation theory) is approximately 99.919%. The inverse percolation constant is 0.081%, and it has been estimated that the trailing third digit of the percent is due to gravitational and quantum fluxes in the area at the time. That leaves the inverse percolation constant at 0.08%. Now, random walk theory tells us that the internet is the perfect medium for a virus, and given the large number of malicious programmers connected via the internet, the percolation constant seems to apply. Except that it also applies to the anti-virus companies, who have the same environment for preventing it. In total, when you work out the ratios, you have an inverse percolation constant of successful virus developers. Now, given the hypothetical million node internet, approximately 8000 successful viruses come into existence at a constant rate. Now, the chances of one of these successful viruses surviving the same unit of time is calculated by continuing a constant derivation of the inverse percolation constant. That would be 1,000,000 * (.0008^days). Random walk theory says that if the virus reproduces at the maximum sustainable rate for the internet capacity (one request per infected server per hour, equalling, in the hypothetical 1,000,000 server environment approximately n^2 while n^2 is smaller than 1,000,000 requests), meaning that the maximum capacity for a virus is, for the first day:

    1st Day: 8000 survive, 8000*(1) infected = 8000
    2nd Day: 49 survive, 49*(4) infected = 196
    3rd Day: 30 survives, 30*(9) infected = 270
    4th Day: 58 survives, 58*16 infected = 928
    5th Day: 689 survives, 689*25 infected = 17,223
    6th Day: 237,324 survives, 237,324*36 infected = 1,000,000 (maxed out)

    As you can see, it only takes six days for a virus to take over the internet if it isn't properly contained. Java container classes may help, but if even an inverse percolation constant of the requests get through, as they will any security model on a successful platform like this, your security is worthless. It's only a matter of time before something breaks through, through incompetent users or faulty implementation.
  • IIRC, VBScript wasn't only intended for paragraph formatting.

    Yes, but the person I was responding to said:

    I regularly use VBScript in my Word documents, but rarely for much more than automated paragraph formatting. [emphasis mine]

    Hence, my curiosity about what kind of paragraph formatting one could possibly be doing that requires a Turing complete language.
  • Actually, I believe this is another trojan horse :-)

    As for the name, you might as well get over it. We're stuck with "virus" until journalists start doing actual research (sometime after hell freezes over).

  • Sorry, that was really dumb. But still, I need to check to see if my account is working again or not; it broke or something.

  • by Matt2000 ( 29624 ) on Tuesday June 06, 2000 @06:57PM (#1020480) Homepage

    This will be interesting as most cell phone pricing packages charge you for an email message received on your phone whether you want it or not. What will happen when they let through 300 messages from a worm cruising around and you get a $150 phone bill.

    Spam from these sorts of viruses is irritating when you're on a flat rate internet connection, it's gonna be a serious issue when you pay per message.

    Hotnutz.com [hotnutz.com] - Funny
  • by Halster ( 34667 ) <haldouglas@@@gmail...com> on Tuesday June 06, 2000 @08:27PM (#1020481) Homepage
    I hope the people involved in developing the "wired home" and associated technologies take note of this.

    I can imagine it. The Saturday Night Fever Virus. It triggers at about 11:00pm on a Saturday. All your lights start flashing on and off, your stereo starts playing a BeeGees track and your toaster burns some toast (for that authentic nightclub-smoke atmosphere).

    Or even better... the ILoveYou@Home virus. Your bed starts vibrating, the lights dim, the stereo starts playing some romantic music, then it rings your neighbor and starts the same thing at their house! ;)


    "How much truth can advertising buy?" - iNsuRge [insurge.com.au] - AK47
  • But there is a place in the outlook mailbox to store phone numbers. I can't wait until someone figures this out.

    Hint: If you live in US, CA or JM and have numerous contacts in JP, OZ or NZ you could go broke in no time. Forcing the modem to dial silent and call the numbers found in order then repeat the process with a pause between calls. Handing over the port when another app wants it would help too.

    Basically this is the beginning of a Virus that could have a direct and expensive impact on a large number of people. I.e. Anyone with vulnerable software and wetware ( wetware == human or brain depending on context ) who has a modem on the machine could wind up many $$$ in debt.

    This is not fair by any means and I hope it doesn't actually happen. However that hope may be in vain just like the one about nobody figuring out how to make ILOVEYOU self modifying.
  • by FFFish ( 7567 ) on Tuesday June 06, 2000 @08:30PM (#1020483) Homepage
    THIS PAGE [mtnsms.com] lets you send SMS messages to anyone you care to.

    One wonders if they're harvesting spam-able phone numbers...

    (hit Google and type "send sms message cell phone" and you'll get another few sites that let you do the same thing)

    --
  • by Anonymous Coward
    Ask yourself this question: what exactly is 'scripting' ?? Scripting is the screen door in the back yard of your beloved computer. It's the 'nice' feature that does 'fun' things for you and your family. It's a way to execute instructions on your host without the rigors of software installation:

    less README
    less INSTALL
    (possibly) examine source code, Makefile, etc
    ./configure
    make
    make install
    execute

    ... this never happens with scripting. A couple of UI atoms, a click, a CR, and BAM! Something foreign is running on your computer. Maybe it's your own, maybe it belongs to your employer, maybe it's a gov't owned CRAY.. it doesn't matter, it's running.

    I know, Perl is wonderful (VB much less so), the shell script venerable, and I use these tools all the time, but if you think about it, allowing this kind of execution in an untrusted environment is just inviting disaster.. eventually.

    It will happen, mark my words, it will happen, even to the elite. A destructive trojan is only as far away as freshmeat and your root prompt. How many of us can say it will never happen to us? Do you trust FM implicitly? Do you read every line of script source before you execute it? If you do, then you are far better than I.

    When the Windows world is tossed about like a reed by these virii, I do not laugh, I worry. It's only a matter of time before I take one for the team myself, and I know that.
    --
    Dave

  • As far as I know, most cellphone companies have mail gateways to phone's messaging. I was always wondering how much time it would take for spammers to discover this thing. You can spam *every* mobile phone in existence, just taking random numbers and using it as a key for the gateway. I was just wondering why they don't do it yet, really?
    So, here goes the first one.
  • I regularly use VBScript in my Word documents, but rarely for much more than automated paragraph formatting.

    Out of curiosity, why do you need a Turing complete programming language to do paragraph formatting? I just can't imagine what you can practically do with VBScript wrt paragraph formatting that you can't do as easily, or even easier, without VBScript.
  • The Lycos article says.. "Security experts said the virus is the first to hit mobile phones, although they emphasized that the worm is propagated by computer and not via the telephone system. They also said the attack is relatively benign, as it does not destroy computer files but merely delivers a message disparaging the Spanish telephone company Telefonica. " But the MSNBC article says.. "The virus has a nasty payload, as well -- it attempts to delete all files on the victim's hard drive and performs several other operations that makes restoration difficult. " Who's right? Al.
  • In Europe, the caller pays.
  • MSNBC writes "a virus that infects mobile phones" - well, just plain wrong: No mobile phone can execute VBscripts. The virus infects ordinary PCs the same way the "I love you" virus did it, but just besides the ordinary stuff, it might also try to send a few SMS... But the phone doesn't get infected...
    I hope Slashdot won't publish such plain wrong stuff again! Just because it's written on msnbc doesn't mean it's true, mind you!
  • IIRC, VBScript wasn't only intended for paragraph formatting. It should be *the* scripting language for Windows (like REXX is for OS/2 or Perl for Unices). It was designed that you could do every administrative task you might want to in VBScript. Of course with the inherently insecure Windows environment, it can also do everything a worm/virus programmer might want to do on your machine...

  • "merely delivers a message disparaging the Spanish telephone company Telefonica" "The message is in Spanish, and the message is directed at a Spanish operator." "We believe the worm originated in Spain" Wow, that's such an amazing comment, who would have thought with _all_ that evidence that they'd managed to figure out it came from Spain! :) Yet another pointless report about some idiot that felt compelled to write a windoze exploit. Not that I mind personally - the more windoze viruses there are, the more people will get pissed off with Windoze in general... -- Jon. "You didn't look inside my anus; you didn't look everywhere"
  • ...can be found at VirusList [viruslist.com]. Apparently, it installs a trojan horse which deletes files and cmos information on the next bootup.

  • I have an alphanumeric pager that I keep for monitoring our servers and it is usually spammed about once a week. Don't ask me how they ever got ahold of my phone number/email address for this pager. I suspect that paging service provider is selling these numbers off for profit, but I could be wrong. However, it is rather annoying when my pager goes off and I just about have a heart attack thinking one of our servers is down only to find out that it is nothing more than another advertisement. Not to mention that every page I get counts toward my monthly quotas and soon I will be charged to receive "spam".


    Nathaniel P. Wilkerson
    NPS Internet Solutions, LLC
    www.npsis.com [npsis.com]
  • How long does this have to go on before M$ can get sued for defective products? Can you imagine having a defibrillator running on CE that gets spammed by a virus? Outlook is the Tobacco of computing.
  • If the power grubbing politicians get sufficiently pissed off by having their cell phones jammed with spam, maybe we can get laws passed to smash the spammers.

    Nah!, the spammers will just keep up the "campaign contributions" and we will be screwed again.

  • Do you know what we call them, collectively, in the hospital? Bugs.

    "Hmmm... Computer bugs?" No, that's already taken...

    That didn't stop the "ILOVEYOU virus" (worm whatever) from being called "The Love Bug" by the popular press.

    Words are words, and their meanings are defined democratically. What the lowest common denominator wants everybody gets, and if you fight it, you'll just get marginalised as an elitist snob. Sad, but apparently true. :(

    Thad

  • You can <A href="http://barrapunto.com/comments.pl?sid=100/06 /07/0224259&pid=55#95">check out the source code</A> at BarraPunto.

    IDKVB (I Don't Know Visual Basic ;), but it seems that it references Cmos.com when updating the registry.

    And it definitely writes a binary file at the end of a sub called CopiarCmosAfichero (CopyCmosTofile).

  • Sorry for posting without previewing. This is what I meant to post:

    You can <A href="http://barrapunto.com/comments.pl?sid=100/06 /07/0224259&pid=55#95">check out the source code</A> at BarraPunto.

    IDKVB (I Don't Know Visual Basic ;), but it seems that it references Cmos.com when updating the registry.

    And it definitely writes a binary file at the end of a sub called CopiarCmosAfichero (CopyCmosTofile). To me it seems it is creating Cmos.com so it can write the Cmos to a file, and thus doing what it states, but I would like confirmation on what it is doing.

    Javier 'Candyman' Candeira
  • Some time ago, when a friend of mine had a cell phone and I didn't, I'd send him text messages via a web page helpfully provided by Fido (the company selling us the service).

    This was very useful, but is trivially easy to spam via scripts. My friend even wrote such a script, to forward email from his account to his phone (before purchasing phone email service).

    It would only take one or two knowledgeable people saying "hey, that's neat!" to do that here in Toronto, and I'm sure Fido isn't the only company set up this way.
  • Why don't these phones have the capability for the owner to specify an address book of people he/she is willing to receive messages from?
  • Finally, a virus that targets something other than Outlook Express.

    That said, I will officially laugh my ass off if these phones are running Windows CE...


    Dammit, my mom is not a Karma whore!

  • good to hear. Though the suit thing would drive me nuts after about three days. Dressing nice is fun, but when you HAVE to wear anything it becomes a uniform, and I'm far too subversive for that ;-) Hope it goes well for you though!
  • Everything that's new (and mobile, digital phones are certainly still new) goes through a period where its limits are tested by those inclined to do so. I can't imagine any exceptions to this.

    While some of these 'tests' are valuable (look at DeCSS), others are irritating.

    I can certainly tolerate a little irritation in exchange for cool, new gear. Pass the Neosporin.

  • Well, since I run Linux and don't have a mobile phone, that makes me totally immune to all currently known viruses.

    I suspect that there may be some countries where my current degree of smugness would be illegal :-).

  • This thing can't just magically make messages appear on your phone. In fact, just because your PC catches the virus doesn't mean you'll get the messages.

    At the moment it targets one specific email-2-mobile gateway. Many gateways have opt-in stuff and passwords so that human spammers can't abuse the system. This virus is simply exploiting an open gateway, like that nntp gateway Demon used to run.

    Melissa and the love bug got faxed to people through email-2-fax gateways (we run one at work, so I know what they're like). I have a few e-mail addresses for my mobile. This latest thing is an inevitable variation on an old theme. Nothing to see here, move along now.

    (That said, if I'd received "I LOVE YOU" on my mobile I would have thought it funny enough to take a photo and post it somewhere on the web ;)

  • 'Pathogen' wasn't always appropriate either (the same species can be a pathogen in one site, and normal flora in another).

    I don't see this being such an issue with computer pathogens, as most code is either inherently malicious/harmful, in which case it's pathogenic, or it's benign, albeit perhaps with bugs. Most people already distinguish between the two, since most people still refuse to consider MSWindows a trojan horse.
  • being poor is good, no junk calls
    Rock 'n Roll, Not Pop 'n Soul
  • Try www.iping.com. There is an interface on the
    web that allows you to call somebody else. With
    that service, we can easily write a script that
    spams thousands of thousands of people.
  • I have two email-2-SMS gateways set up for my phone.

    The first is a free service that just broadcasts the subject line. I can decide if I will allow it, disallow it or require a password in the subject line. I currently have it open and I forward a copy of all my email to it after hours.

    The second charges me for messages, but will send the first 100 or so characters, subject and message body. It has a range of filters including a maximum number of messages per 24 hours and a block/accept list. I can block specific addresses or only allow certain addresses. I have this one set up to allow all, but only 10 a day. It's currently not being used.

    If it's important to you, you can filter out most of the crap, but I prefer to just turn the phone off when I'm asleep (or at the movies). I use pure SMS, so it's not like I'm going to catch a virus on my 8810. ("Smarter" phones may have exploitable holes, I don't know.)

  • You can check out the source code [barrapunto.com] at BarraPunto.

    IDKVB (I Don't Know Visual Basic ;), but it seems that it references Cmos.com when updating the registry.

    And it definitely writes a binary file at the end of a sub called CopiarCmosAfichero (CopyCmosTofile). To me it seems it is creating Cmos.com so it can write the Cmos to a file, and thus doing what it states, but I would like confirmation on what it is doing.

    Corrected from parent

  • Behold: another reason Java should be used on these kinds of devices. Its built-in security model has yet to be breached in any significant way by a virus.
  • This is embarrassing, I managed to foul up my post -- twice.

    /me shoots himself on the foot. Twice.
  • Those Sprint PCS bastards shut down the only DC-based GSM network.. so much for competition.. Anyhow, about 75%+ of the US is going away from GSM so I don't think there's much to worry about.. laterz..
  • by gavinhall ( 33 ) on Tuesday June 06, 2000 @07:01PM (#1020514)
    Posted by serpens:

    The articles say different things. It looks like another journalist wasn't listening to what was being said.

    The Yahoo article:
    They also said the attack is relatively benign, as it does not destroy computer files but merely delivers a message disparaging the Spanish telephone company Telefonica.

    The MSNBC story:
    The virus has a nasty payload, as well - it attempts to delete all files on the victim's hard drive and performs several other operations that makes restoration difficult.


    Do journalists get anything right anymore???

    serpens`
  • The idea of "everything being connected" has been around for some time. Quick things that come to mind are Sun's JINI (or Java for that matter), Microsoft's "Home", and the X.25 protocol.

    To quote from the article linked to:
    The virus has a nasty payload, as well - it attempts to delete all files on the victim's hard drive and performs several other operations that makes restoration difficult.

    So once again we have another VBS virus. But everyone on /. keeps ranting about the evils of VBS, the same thing could be done in Perl, or any other unix scripting lang. One user has already talked about Fido in Toronto and its web message interface, Clearnet has the same thing. How long before some script kiddie hacks a shell account and starts bombing cell phones from there?

    Back to the "networked home". Here's where people start to go overboard. I don't want my toaster on the internet, but I *might* want it on my lan. Simple firewalls can stop someone from toasting bread all day long in your house while you are at work...

    It's really sad to see that someone chose a virus to send their political message (the article has a copy of it if you want to read it). I'm all for political activism, but trashing someone's HD will not get your point across...

    To fix this problem, the SMS protocol needs to have some sort of accountability factored into it. Right now, you can send a message to anyone from almost anywhere. If a block sender/approved senders list was added to the spec, users could choose the level of security they want (Do you want to allow all, and only block some, or do you want to block all, and only allow some?)
    It will be awhile before we see the end of the VBS nightmare, but Linux users better watch out, it's been TOO LONG since someone released a virus that attacked some (yet) unknown weakness in Linux/BSD.

    That's just my $0.02

    According to antivirus researchers Kaspersky Labs, the virus works only on Windows 98 or Windows 2000 computers on which the Windows Scripting Host (WSH) is installed.
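The per-subscriber gateway filtering discussed in this thread (a block/accept list with an "allow all" or "block all" default, plus a cap on messages per 24 hours) can be modelled as below. This is an added example, not code from the thread or from any real gateway; the class, its field names and the sample addresses are hypothetical, and letting accept-listed senders bypass the cap is a design assumption so that a flood from unknown senders cannot starve known contacts.

```python
from collections import deque
from dataclasses import dataclass, field

DAY = 24 * 60 * 60  # seconds


@dataclass
class GatewayFilter:
    """Per-subscriber policy for an email-to-SMS gateway (hypothetical model)."""
    default_allow: bool = True   # True: allow all, block some; False: block all, allow some
    accept: set = field(default_factory=set)
    block: set = field(default_factory=set)
    daily_cap: int = 10          # deliveries per 24 h from senders not on the accept list
    max_chars: int = 100         # only the start of the message is forwarded
    recent: deque = field(default_factory=deque)  # delivery times of capped messages

    def decide(self, sender, subject, body, now):
        """Return ("deliver", text) or ("drop", reason); `now` is in seconds."""
        sender = sender.strip().lower()
        if sender in self.block:
            return "drop", "sender on block list"
        known = sender in self.accept
        if not known and not self.default_allow:
            return "drop", "sender not on accept list"
        if not known:
            # Sliding 24-hour window: forget deliveries older than a day,
            # then refuse once the cap is used up.
            while self.recent and now - self.recent[0] >= DAY:
                self.recent.popleft()
            if len(self.recent) >= self.daily_cap:
                return "drop", "daily cap reached"
            self.recent.append(now)
        return "deliver", f"{subject}: {body}"[: self.max_chars]


def run_constructed_flood():
    """Constructed traffic: 50 mails from distinct unknown senders in under an
    hour, then one accept-listed contact, one blocked address, one mail a day later."""
    f = GatewayFilter(accept={"friend@example.org"}, block={"pest@example.net"})
    flood = [f.decide(f"pc{i}@example.com", "hello", "x" * 300, now=i * 60)
             for i in range(50)]
    return {
        "flood_delivered": sum(1 for verdict, _ in flood if verdict == "deliver"),
        "friend": f.decide("Friend@Example.org", "lunch?", "12:30", now=3600),
        "blocked": f.decide("pest@example.net", "buy", "now", now=3700),
        "next_day": f.decide("pc0@example.com", "hello", "again", now=DAY),
    }


if __name__ == "__main__":
    for key, value in run_constructed_flood().items():
        print(key, value)
```

Because the flood arrives from many different senders, the block list alone does nothing against it; the cap is what bounds the damage.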
  • BLOW IT OUT YOUR ASS!!!!!!!!!!!!!!!!

    Good Idea. It might be safer than talking into the phone. I could try farting in morse code. However, perhaps with some practice I might be able to do 110 baud

  • Studies are proving that we are not as connected as thought.

    "The result is the development of the "Bow Tie" Theory. One of the initial discoveries of this ongoing study [ibm.com] shatters the number one myth about the Web ... in truth, the Web is less connected than previously thought

  • Sounds like you have a Poltergeist [filmsite.org] to me.
  • No, not Outlook, but still VBScript.

    The amount of cpu cycles spent on running vbscript
    breaks down as 98% virus / 1% virus writing / 1% non virus affiliated.

    Seriously, I don't think I've ever seen vbscript
    in a word doc or email that wasn't a virus. I
    guess that's innovation for you.
  • Surely a filter mechanism (c.f. email) would be better than a list of people you're willing to receive from. It'd be a pain in the arse to get your message blocked because your mate hasn't added you to .addressbook.accept.

    This flooding of messages is just like DDOS: it's impossible to tell a real request from a fake one; all you can do is look for validation of headers and block heavy loads from multiple requests.

  • The first thing to do is to never advertise your pager's email address. This gets around half of the problem. Getting around the half that they're easy to figure out is the phone company's problem to solve.

    The other thing to do is create an alias for it in your local domain if you do have to give it. Then, when your pageme@mydomain.com address suddenly becomes a target, you can change your mail aliases file and not have to change your phone number.
  • > Turing complete language...

    It's gotta be needed if you wanted to format recursive paragraphs: Gnu's Not Unix, Gnu's Not Unix, Gnu's Not Unix *clicking red shoes' heels together*

  • So once again we have another VBS virus. But everyone on /. keeps ranting about the evils of VBS, the same thing could be done in Perl, or any other unix scripting lang.

    The point is not the scripting language, it's the fact that emailed executables can be run without the user's intent, and with full user privileges. On a W98 machine that means full root privilege because there isn't anything else, and even on my NT machine I have given my normal user ID full admin privilege because it takes about 3 minutes to log out and log back in again, and there is no equivalent to "su".

    Compare this with, say, the Gnome 1.2 install. To initiate the installation I have to be logged on as root (and because "su" is so quick and easy it's practical for me to stay in user mode most of the time). Then I have to cut and paste a long command line from the web page, because on Unix boxen there is simply no other way of getting the program run outside a sandbox. On Windows it would be "click here" to run a VBS script.

    This makes trojans and their relatives much harder to produce in Unix than in Windows.

    Paul.

  • This reminds me a lot of a nasty little prank.

    Get the home phone number of someone you hate.

    Find a bank of pager numbers.

    Send random pages to various people at odd hours of the night with victim's phone number as the reply. (Some pager systems allow e-mail pages. This allows for AT or Cron jobs.)

    Repeat as needed.
  • It's really sad to see that someone chose a virus to send their political message (the article has a copy of it if you want to read it). I'm all for political activism, but trashing someone's HD will not get your point across...

    From the yahoo article:

    [...] the attack is relatively benign, as it does not destroy computer files but merely delivers a message disparaging the Spanish telephone company Telefonica.
    From the msnbc article:
    The virus has a nasty payload, as well -- it attempts to delete all files on the victim's hard drive and performs several other operations that makes restoration difficult.
    Who's right and who got it wrong?
  • NAI/McAfee called that particular virus W95/Firkin.worm:

    http://vil.nai.com/villib/dispVirus.asp?virus_k=98557

    Symantec called it BAT911.worm:

    http://www.symantec.com/avcenter/venc/data/bat.chode.worm.html
  • before u know, the next thing they will do is to kill the phone... then time to buy new phones , here come "thin client" phone !
  • The title of the article is wrong. This virus just sends SMS messages, it doesn't call anywhere. (For US readers: in GSM you have something like a pager in every mobile, it's called Short Message Service.)
    It's very easy to spam mobiles, using GSM operators' e-mail or WWW gateways, especially when the e-mails/WWW requests come from different computers of the virus victims and the mobile e-mail addresses are easy to guess, like 123456@sms.yourgsmoperator.com..
  • In Europe, and probably in GSM in general, you don't pay for inbound SMS messages or calls. Given you also don't pay for E-mails sent to mobiles from Internet, it gives spammers very good perspective.. :-(
  • I have some good news for you. The FCC has ordered that the billing system will be changed to the way the enlightened countries outside the US have it. You pay for the calls you make, not the ones you receive. :-) We always had that system here and it means that a lot of people carry a cell phone only to be called on and hardly ever use it to call with. This keeps the monthly bill down a lot.

    I once heard a speech on this by the CEO of Ericsson in the Netherlands and he had been flabbergasted by the fact that somebody from Ericsson USA had been trying to play phone tag with him, while he naturally was carrying a cell phone. The American thought that the cell phone wouldn't be on anyways. Something which sounds completely ridiculous to a European.

    You suggested the following solutions:
    Either make cell phone usage unlimited... or keep the first incoming minute free at least, I mean geez.
    Both solutions wouldn't work. The first one, because you need a flat rate, but that would favour those calling the most. It might result also in everybody trying to get their money out of it and thereby overloading the phone system. The second one is only a stop gap. The idea of a mobile phone is that you can be reached anywhere, by anyone. The idea is not that you have to be afraid that you're getting poor, because people can reach you.

  • I think that something like this needs to get common in order to change that silly system you have in US. A shitload of junkmail through these email-2-cellphone gateways followed by a nice class action suit against the phone company for not providing adequate protection (after which all of that junkmail will suddenly stop.. =).

    I remember living in Europe while still attending high school and writing a nice program to go to my procmailrc. Uh all that beeping during classes when a message arrived (I was subscribed to few mailing lists that had fairly high volume). I ended up having to hack it to fake the Referer-field when people hosting these gateways caught up. There were also several active at the time and to keep a low profile my gateway would just alternate between them.

    Irony of the situation is, however, that in Europe receiving spam email is worse. You pay for the local calls and thus essentially for receiving spam (amount of connection time for spam is pretty negligible, but still). In US local calls are free and with flat rate internet receiving few spams won't harm you at all.

  • Hrm, I agree that *nices are more secure because they make the user/admin distinction, but it's a mistake to think that this is not exploitable.
    How hard is it to create an executable that does the following if received by a user who runs it thinking it's the coolest game from their buddy? (assuming the user is your average brain-dead user who clicks "YES" without reading a message box...isn't that most of them?).
    1. modifies .login/.bashrc/etc to change the path to ~/bin:/usr/bin:usr/local/bin:...
    2. creates a program in ~/bin named su which acts like a su program, but captures the password and uses this to infect the system
    3. emails it on...

    Similarly, it could instead modify .login/.bashrc/.cshrc/etc to merely run a keystroke logger (in both terminals and X) to capture the password when average user types in su. Sounds perfectly plausible to me...once Linux hits average users' desktops and they start following instructions telling them how to do stuff. Have to remember that these people have no clue what they're doing, and they are running on personal machines where they need admin rights to change things.

    On a side note, Win2K finally has ability to easily run a program as another user. You can create a shortcut to an application and specify that you want to run it as another user...and it will ask for username/password when you run it. Creating a shortcut to cmd and naming it "su" can come in handy...
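A defensive check for the search-path trick described in the comment above, as an added example that is not part of the thread: it walks a PATH value in lookup order and reports relative entries and any sensitive command that resolves from a directory outside a trusted list. The trusted directory list and the set of command names are assumptions to adapt per system.

```python
import os

# Assumed defaults; adjust to the directories your distribution installs into.
TRUSTED_DIRS = ("/bin", "/sbin", "/usr/bin", "/usr/sbin",
                "/usr/local/bin", "/usr/local/sbin")
SENSITIVE = ("su", "sudo", "passwd", "ssh")


def audit_path(path_value, trusted=TRUSTED_DIRS, names=SENSITIVE):
    """Return a list of findings for a PATH string.

    ("relative-entry", entry, position): empty or relative entries resolve
        against the current directory, so whoever controls that directory
        controls what runs.
    ("shadowed", name, file): the first match for a sensitive command lives
        outside the trusted directories, so it runs instead of the system copy.
    """
    trusted_real = {os.path.realpath(d) for d in trusted}
    entries = path_value.split(os.pathsep)
    findings = []

    for pos, entry in enumerate(entries):
        if entry == "" or not os.path.isabs(entry):
            findings.append(("relative-entry", entry or ".", pos))

    for name in names:
        for entry in entries:
            directory = entry or "."
            candidate = os.path.join(directory, name)
            # Same rule the shell uses: first executable regular file wins.
            if os.path.isfile(candidate) and os.stat(candidate).st_mode & 0o111:
                if os.path.realpath(directory) not in trusted_real:
                    findings.append(("shadowed", name, candidate))
                break  # later entries are never consulted for this name
    return findings


if __name__ == "__main__":
    for finding in audit_path(os.environ.get("PATH", "")):
        print(finding)
```

Run it from a login shell after the rc files have been sourced, since that is the PATH a later `su` would actually be looked up in.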

  • by / ( 33804 ) on Tuesday June 06, 2000 @06:29PM (#1020533)
    The virus type, known as a worm, targets phones

    This is just plain wrong; viruses are viruses and worms are worms and never the twain shall meet. What we need to do is start using a general word like "pathogens" to describe all communicable software nasties. If people then want to get specific and say what sort of pathogen it is, then that's fine, but to treat "viruses" as a category encompassing worms and trojan horses and the sort is absurd.
  • After reading numerous posts, I think I know what we really need to get rid of the phone spam... Procmail. (well, something similar to that, anyways) SMS message comes in that has something from the wrong folks... > /dev/null.

    Hmm.. if it were going through enough hurdle and such, it might even work for getting rid of other stuff...

    Okay, minds working a little bit better now... (love that coffee)

    Anyways, how about this thought:
    SMS messages with some sort of accountability (as suggested by someone else) --however, allow anonymous ones as well (therefore keeping some level of backwards compatibility.) Then, if you don't want to receive anonymous ones, dump them to an e-mail account automatically. Same thing with Spam and such... Hmm.. anyways, just a few thoughts:)
  • You're right. I'm from Toronto, and Clearnet has the same thing on their web site... no security......
  • I know how it works in the US (I don't think I implied anything about this anyway in my post). That being said, while I understand your concern about the caller paying the extra, the scheme we have makes sense, simply because:

    1. The overcharged cell phone numbers are clearly identifiable (they start with 06 instead of 0x where 1It discourages phone spammers -- no, I'm not interested in buying anything, and I would be upset about paying for advertising. Indeed, I've never had any direct marketers call me on my mobile phone, whereas I know that they have tried to call me several times at home (though it's clear far from being as bad here as in the US).
  • Personally, I really, really miss the AC ranting about the inability of white boys to play funky music.
  • The phone-spamming bit is the payload. The messages sent to the SMS gateway are virus/worm/trojan free. And there's no real need to make it a virus - that's just one way of distributing the message. Another would be a spam system that makes the return address a random [whatever]@mobile.att.net (or similar) address, different for each e-mail. Then when they bounce back, or people reply to them, they get sent to a Random Phone. This was how Demon's NNTP gateway was abused.

    Heck, all you really need to do is start posting messages to Usenet with a random @mobile.att.net (or similar) address each time and other people will spam the phones for you...

  • Over here in Australia, we don't need a virus ringing an emergency number.. our emergency number is '000' - in a recent article, they mentioned that a significant (but not excessive) percentage of calls are from people with mobiles that keep bumping the '0' key. ;-)
  • I have some good news for you. The FCC has ordered that the billing system will be changed to the way the enlightened countries outside the US have it. You pay for the calls you make, not the ones you receive. :-) We always had that system here and it means that a lot of people carry a cell phone only to be called on and hardly ever use it to call with. This keeps the monthly bill down a lot.

    Well actually most people here (France) have a cell phone to call other cell phones. Calling a cell phone from a land line is a complete rip off ($0.50 / minute?) whereas calling nation wide or cell phones FROM a cell phone is very cheap, esp. with "forfait", which gets as low as $0.10 or something a minute (I have 240 min a month for $30, but I don't even use half of it).

  • by nstrug ( 1741 ) on Wednesday June 07, 2000 @04:46AM (#1020550) Homepage
    No - receiving an SMS message is free - just like receiving a phone call. You only pay for outgoing calls. I think it is only in the US where you pay for incoming calls.
  • I have one of these phones also. While there is nothing I can do about text messages (which are either from the Fido web site or other Fido users' phones), I can filter the email. The email settings allow me to only allow certain times, users, or even subjects to be allowed through. I don't have this enabled right now, but if I start getting spammed I will.

    FunkyDemon
  • Oh, this reminds me of a hobby I used to have; when I got business cards from people I didn't like (annoying car salesmen for instance) I'd gather a little pile of cards and, if they had pager numbers, start paging them with each other's pager numbers a few times. It was enjoyable in some vaguely perverted way. :-)

    -pf

  • by the_other_one ( 178565 ) on Tuesday June 06, 2000 @06:44PM (#1020556) Homepage

    This is scary. We could all be wiped out by a disease spread by a dirty telephone. I'm going to hire a telephone sanitizer right away.
