Three malicious programs are hitting certain mobile phones, antivirus companies have warned. The Trojan Horses, or programs that are disguised as legitimate applications, spread via Bluetooth or multimedia messages and can affect phones running the Symbian operating system.
The infection rate so far from the malware is low, Symantec reported in threat warnings issued last week.
The Bootton.E Trojan Horse was spotted last week by F-Secure and Symantec and is perhaps the most potentially crippling of the three. The program restarts the mobile device but also releases corrupted components that cause the reboot to fail, leaving the device unusable.
The Pbstealer.D Trojan sends an infected user's contact list, notepad and calendar to-do list to other nearby users via Bluetooth. The third Trojan, Sendtool.A, sends malicious programs such as the Pbstealer Trojan to other devices via Bluetooth.
Symantec and F-Secure both admit that these Trojans are unlikely to spread very widely. "They don't spread quickly because they're not purely autonomous," said Ollie Whitehause, a researcher at Symantec. Unlike worms on computers that spread without users knowing, the Trojan Horses hitting mobile phones spread as attachments that require users to download them.
So far, worms haven't hit mobile phones but it's very likely that people who write viruses are working on them, said Anton Von Trover, marketing manager at F-Secure.
Because current threats are caused by what David Wood, executive vice-president of research at Symbian calls "user weakness", antivirus software for mobile devices isn't necessary. "Unlike the case on desktop PCs where you need to have a firewall and antivirus software and you have to keep them up to date, that's not necessary on phones," said Wood.
But with the looming threat of vulnerabilities being found by malicious code writers, enterprises should do a better job preparing for the future, said Rob Bamforth, an analyst at Quocirca. His research shows that enterprises are much more lax about securing mobile handheld devices than laptops.
He advises enterprises to create a policy around securing such devices. Currently, that policy might not include antivirus software because the incidence of viruses seems to be low. "But there will be a problem, so they have to take the issue seriously while not necessarily taking every announcement seriously," Bamforth said. He warns that historically, most reports of viruses on handheld devices have come from antivirus software firms and not users, an indication that infection rates are probably quite low.