The table below aims to identify the mobile phone viruses that are currently known and verified, and also reveals those that are merely hoaxes. At the moment, curing mobile phones that have been infected with a virus is normally only possible by taking the handset to your service provider to have the handset reset.
Please note that the best way to keep yourself protected from any mobile phone virus is simply not to install any content that comes from an untrusted source. Most of the current virus threats apply only to Symbian-based handsets, and infection can be avoided by screening which files you choose to install on your handset. If you are unsure of the file type or where it came from, don't install it. Symbian accredited software will be digitally signed and offers no threat, but if you are trying to install content that has not been accredited, then as you install the software, your Symbian phone will issue three warnings that the file has not been verified by Symbian. If you see these messages, installing the software could damage your handset. Also be aware that some viruses can be installed via games and ring tones. Always avoid pirated content, be careful what you install and never accept a connection from any Bluetooth device that you do not know or recognise. Following these basic steps will protect you from 99% of threats.
Another way viruses spread is via memory card. Should someone have content on a removable memory card that you wish to share, please be aware that it could also carry a virus which will not require your authorisation to install. As this is a fairly new threat, this topic will be updated when further information becomes available.

| Name: | ACE Virus |
| --- | --- |
| First Reported: | Sep-99 |
| Description: | By answering a call when your phone's screen displays the word "ACE", all IMEI / IMSI details will be erased from your handset. |
| True or False: | False |
| Prevention: | N/A |
| Cure: | N/A |

| Name: | Blankfont.A |
| --- | --- |
| First Reported: | Aug-05 |
| Description: | Spread via Bluetooth, this Trojan virus is contained within a file called rally_2.sis. Installing this file will corrupt all the text on your handset, rendering menu navigation awkward or impossible. Once the phone is rebooted, removal of the file becomes impossible. |
| True or False: | True |
| Prevention: | Do not install rally_2.sis file. |
| Cure: | Ensuring you do not turn off your phone, simply uninstall the rally_2.sis file via the Symbian application manager. If you have rebooted your phone, your handset will need to be reset by your service provider. |

| Name: | Cabir.AA |
| --- | --- |
| First Reported: | Oct-05 |
| Description: | Cabir spreads via Bluetooth, arriving in your phone's messaging inbox usually as a file named Cabir.sis. This particular variant creates the same problems as Cabir but will display a worm on phone startup and some icons may turn into worm logos. |
| True or False: | True |
| Prevention: | Turn Bluetooth off when not in use, never accept a file you cannot verify. |
| Cure: | Handset will need to be reset by your service provider. |

| Name: | Cabir/Cabir.A/Epoc/Caribe |
| --- | --- |
| First Reported: | Sep-99 |
| Description: | Cabir spreads via Bluetooth, arriving in your phone's messaging inbox usually as a file named Cabir.sis. When opened it will attempt to install itself. Upon infection it will begin to search for other active Bluetooth devices and will drain battery life very quickly. |
| True or False: | True |
| Prevention: | Turn Bluetooth off when not in use, never accept a file you cannot verify. |
| Cure: | Handset will need to be reset by your service provider. |

| Name: | Cardtrap-A |
| --- | --- |
| First Reported: | Sep-05 |
| Description: | A malicious cross-platform virus which can infect a user's PC with malware. This occurs when the memory card is removed from the mobile phone and inserted into a PC in an attempt to remove the offending .sis file. Infection on the handset causes some disruption to installed applications, preventing access to them. The main aim of the virus is to infect a user's PC with the trojan/worm Padobot, which disables security within the user's PC. |
| True or False: | True |
| Prevention: | Do not install Black_Symbian v0.10 or any uncertified Symbian applications. |
| Cure: | For your handset, you may be able to remove it via the file manager directly on the phone; failing that, the handset will have to be reset by the service provider. Contact your PC vendor for advice if your PC is infected. |

| Name: | CommWarrior |
| --- | --- |
| First Reported: | May-04 |
| Description: | This virus is spread via an infected MMS with an attachment that, when opened, will infect the handset. The attachment is normally entitled "Free Virtual Sex", "Security Update", or "Norton AntiVirus Update". Opening this attachment will disable normal operation of the handset. |
| True or False: | True |
| Prevention: | If you receive an MMS with an attachment named as above or from an unknown source, do not open it. |
| Cure: | Handset will need to be reset by your service provider. |

| Name: | Engineer Call Hoax |
| --- | --- |
| First Reported: | Mar-01 |
| Description: | "Everyone please be warned: If you get a phone call on your mobile from any mobile phone 'company engineer', telling you that they are doing a check on your phone and that you must press #90 or 09#, END THE CALL IMMEDIATELY! without pressing the numbers. There is a fraud company on the go who have devised a device that once you have pressed #90 or 09#, they can access your SIM CARD and make calls from it at your expense. Tell as many people as you can so we can stop this." |
| True or False: | False |
| Prevention: | N/A |
| Cure: | N/A |

| Name: | Fontal.A |
| --- | --- |
| First Reported: | Jan-05 |
| Description: | Called KILLSadam.sis, this file will spread via Bluetooth and upon installation will corrupt your handset's menu fonts, rendering your phone inoperable. The virus does not become active unless you reboot your phone. |
| True or False: | True |
| Prevention: | Do not install KILLSadam.sis file. |
| Cure: | Ensuring you do not turn off your phone, simply uninstall the KILLSadam.sis file via the Symbian application manager. If you have rebooted your phone, your handset will need to be reset by your service provider. |

| Name: | ICE Hack |
| --- | --- |
| First Reported: | Jul-05 |
| Description: | This hoax claims that entering an ICE (In Case of Emergency) contact within your phonebook will enable others to make calls or steal PAYG credit without your consent. |
| True or False: | False |
| Prevention: | N/A |
| Cure: | N/A |

| Name: | Incoming premium rate call |
| --- | --- |
| First Reported: | Jun-05 |
| Description: | This hoax claims that if you receive a pre-recorded call saying "Congratulations, you have won a holiday/prize..." and you attempt to claim the prize by pressing 9, you are agreeing to a £20-£50 per minute premium rate call charge. |
| True or False: | False |
| Prevention: | N/A |
| Cure: | N/A |

| Name: | Mabir.A |
| --- | --- |
| First Reported: | Jul-05 |
| Description: | If you accept and install a file named Mabir or similar, your phone will become infected. All received SMS and MMS messages will be automatically replied to with the infected Mabir file without the user's consent. It will also propagate via Bluetooth to those in range. |
| True or False: | True |
| Prevention: | Do not install Mabir.A.sis file. |
| Cure: | Handset will need to be reset by service provider. |

| Name: | Mquito |
| --- | --- |
| First Reported: | Aug-04 |
| Description: | A cracked version of the popular Mosquito game, this virus spreads via Bluetooth or can be downloaded and installed via PC. Installing this game can send a premium rate text message each time it is used, costing the user £1.50 per message. |
| True or False: | True |
| Prevention: | Do not install Mquito.sis file. |
| Cure: | Uninstall the file via the Symbian application manager. If you have rebooted your phone, your handset will require resetting by your service provider. |

| Name: | Onehop.A |
| --- | --- |
| First Reported: | Jul-05 |
| Description: | After accepting and installing a file called Bootton, your handset will crash regularly when accessing the menu or answering calls. Spreads via Bluetooth. |
| True or False: | True |
| Prevention: | Do not install Onehop.A.sis file. |
| Cure: | Handset will need to be reset by service provider. |

| Name: | Pbstealer |
| --- | --- |
| First Reported: | Jan-06 |
| Description: | Pbstealer is a Trojan application that identifies itself as Pbstealer.d, pretending to be a software utility that allows you to compact your phonebook. Instead it reads the full contact list and sends it to any and every Bluetooth-enabled device in range. Once connected to another device, it sends your complete contact list in a text file. This will not infect other devices unless the original file is sent. |
| True or False: | True |
| Prevention: | Do not install Pbstealer.d/c or any uncertified Symbian applications. |
| Cure: | For your handset, you may be able to remove it via the file manager directly on the phone; failing that, the handset will have to be reset by the service provider. |

| Name: | RedBrowser.A |
| --- | --- |
| First Reported: | Feb-06 |
| Description: | This is a particularly nasty "virus" that can affect most mobile phones. It utilises the Java (J2ME) platform, claiming to offer free web browsing via SMS. In actuality it sends a constant stream of user-chargeable text messages, requiring the user's consent only once. It spreads via Bluetooth, affecting any handset that supports Java (as per current information). This has been known to affect BlackBerry, Nokia, SonyEricsson and Motorola products, making it one of the first true cross-platform viruses. |
| True or False: | True |
| Prevention: | Do not install RedBrowser.a file. |
| Cure: | Should you install or receive this, simply delete it via the menu. Deletion will differ on each device, so refer to your instruction manual if unsure how to uninstall applications. |

| Name: | Skulls.H |
| --- | --- |
| First Reported: | Apr-04 |
| Description: | Spread via Bluetooth, this virus replaces pre-installed applications with non-functioning skull icons and renders the phone inoperable. This file is often called nokiaguard.sis, but other file names have been reported. |
| True or False: | True |
| Prevention: | Do not install nokiaguard.sis file, and only install certified files from trusted sources. |
| Cure: | Handset will need to be reset by your service provider. |

| Name: | Skulls.I |
| --- | --- |
| First Reported: | Feb-04 |
| Description: | This virus masquerades as legitimate anti-virus software from F-Secure. Installing the file will disable all third party applications and corrupt installed applications. This file is indistinguishable from genuine F-Secure antivirus software, except that it is NOT accredited or digitally signed. |
| True or False: | True |
| Prevention: | Do not install any F-Secure anti-virus software that is not digitally signed. If the software you are trying to install is not digitally signed, your phone will warn you 3 times that it is not accredited. |
| Cure: | Handset will need to be reset by your service provider. |

| Name: | XALAN |
| --- | --- |
| First Reported: | Mar-02 |
| Description: | By accepting a call when the display shows XALAN you will erase all IMEI and IMSI data from your handset. |
| True or False: | False |
| Prevention: | N/A |
| Cure: | N/A |

*Disclaimer: The information above is intended as a guide and is for reference only. To the best of our knowledge, all the information above is accurate at the time of publication and is subject to amendment without notice. Isis Telecommunications Management Ltd accepts no responsibility for infection or disinfection of handsets or devices.