Mobile Worms and Viruses

Introduction

Mobile devices are much more connected to the outside world than PCs. The proliferation of mobile devices, with ever advancing technological features is mainly due to the platforms, like Android, iOS, Blackberry OS and Symbian that increasingly resemble traditional operating systems for PCs (Chen, 2008; Dagon, 2004). These mobile platforms can be extended by installing applications, which generally originate from third party providers. The various activities supported by these applications include sending or posting messages, organizing business or recreation, making payments or reservations and many more (Leavitt,2005A; Leavitt,2005B).

Smartphones with these platforms started as expensive business models, but their popularity with consumers has recently taken off. Currently, smartphones make up most of the world’s computers. And huge populations of users who have little or no experience with computers have started surfing the Web and sharing files with their phones. They would present mobile malware creators with an irresistibly large and unwary target. Bigger the target, bigger is the attraction for nefarious programmers (Ford,2004).

Viruses can let intruders access passwords or corporate data stored on a cell phone. Also, attackers can manipulate a victim’s phone to make calls or send messages, a crime called theft of service. Apart from utilizing computing power provided by mobile devices, the attackers have also started targeting the data (Delac2011). This is due to the fact that the smart-phones are becoming storage units for personal information through use of various social networking applications, personal organizers and e-mail clients. Thus, the standard malicious attacks for PCs, like worms and trojans, as well as attack vectors, like the Internet access, are becoming applicable to the mobile platforms (Cisco,2010; Ahmad,2011).

Though PC and mobile phones are affected by similar malicious attacks, the threat is more severe in the case of mobile phones. The primary factor for this is the ever increasing user base and the emergence of smart-phone technology. Also, mobile phones are almost always switched on and stay connected to the network. Unlike a PC whose neighboring network nodes remain relatively fixed, the “neighbors” of a mobile device keep changing with every change of location of the user carrying the mobile device. Further, mobile phone users are less security conscious than the average Internet user.

Even though it took computer viruses twenty years to evolve, their mobile device counterparts have evolved in just few years. This increase may be attributed to the fact that phone users want to communicate, and viruses want to be communicated.

Recent reports show that there exist sufficient vulnerabilities in these devices that could be exploited to cause harm to the device, to reveal sensitive information or to use the mobile device in a malicious way (Gostev, 2006A;Gostev, 2006C). Earlier, the malicious exploits for mobile phones had limited range and impact due to the constraints in both hardware and operating systems. However, the emergence of smart-phone technology that provides more computing power and functionality, a turning point is expected in development of malicious exploits for mobile hand-held devices.

Statistics have revealed that there has been an exponential growth in mobile malware during the last few years. In 2006, there existed at least 31 families and 170 variants of known mobile malware. However, this has increased to a staggering 2500 different types of mobile malware in 2010 (Gostev, 2006A). The emergence of new malicious programs for the year 2012 has been indicated in Figure 1.

Figure 1.

Monthly fluctuations in the emergence of new malicious programs, 2012 (Ref. Kaspersky Security Bulletin 2012. The overall statistics for 2012).