Many Users Underestimate Mobile Malware Threats

A considerable percentage of mobile users are not concerned about the risks they are exposed to when accessing the Internet from their devices, a recent study concludes. Antivirus vendor Trend Micro found that 44 percent of over 1,000 users surveyed are not practicing safe browsing from their phones.

The use of smart mobile devices running advanced operating systems such as Symbian, Windows Mobile, Android and others, has been constantly increasing during the past several years due to fast mobile Internet connectivity becoming widely available. Unfortunately, this is a fast growing market, which is seriously underdeveloped from a security perspective.

While there are a few devices with strong security mechanisms built-in, such as the BlackBerry, the vast majority of products and the environments they operate in are lacking in default protection. In addition, many mobile users are not showing an interest in third-party security solutions either, partially due to the misconception that the mobile world is free of the threats normally plaguing computer users.

"The respondents are actually more concerned of losing data such as contact numbers via physical phone loss rather than information loss due to Web threats and phishing or spam attacks. In fact, only 23% utilize security software already installed in their phones. Some even believe there is no use for such software as mobile phones are not as prone to security risks," the antivirus company notes.

Assumptions such as these are both false and very unfortunate, because they encourage malware authors to turn their attention at this new source of potential victims. This year alone, we reported on the discovery of three mobile trojans (Trojan-SMS.Python.Flocker, SMS.J2ME.GameSat and SymbOS/Yxes.A) targeting Symbian and J2ME (Java 2 Micro Edition) platforms.

However, according to Trend, mobile malware is much older and has been around since at least 2006. It is also concerning that, unlike computer malware, which is usually short-lived, these threats are still active today. The company exemplifies by naming SYMBOS_BESELO.A, SYMBOS_VIVER.A, SYMBOS_FEAKS.A, and SYMBOS_YXES.B, which target Symbian, and WINCE_INFOJACK.A and WINCE_CRYPTIC.A, which infect Windows Mobile phones.

A separate report released by security giant McAfee back in February revealed that half of the global mobile device manufacturers reported their products being affected by security issues in 2008. The types of threats varied from exploits to voice and text spam and affected at least one million devices. Most of the large antivirus developers have included security offerings for mobile devices in their portfolio, so users are free to consider and test such solutions from their favorite vendor.