Full Disclosure mailing list archives

Re: The end is nigh: first true MMS mobile worm in the wild


From: Feher Tamas <etomcat () freemail hu>
Date: Tue, 8 Mar 2005 12:56:22 +0100 (CET)

Hello,

There are two alternative definitions for a computer worm:

A., A malicious piece of code that replicates between
systems by creating new objects on the system to be
infected, as opposed to embedding itself in already existing
objects (a virus does this).

B., A worm is something that spreads between infected
systems over the network, either directly (e.g. SQL-worm) or
by way of a higher protocol (e.g. SMTP e-mail worm). In
contrast, a virus spreads between objects, via physical data
storage media when jumping from one machine to another.

IT security pros overwhelmingly use def. A, the public
better understands def. B.

The fact that human action (e.g. double click on
BGK-ffn-ad-for-Starbucks.exe mail attachment) is needed to
infect, does not ban a piece of malware from being a worm. A
lot of SMTP worms depend on a dumb user to infect and spread.

A mail that does not have malicious machine code, but relies
on human readable plain text code and social engineering
tricks to spread is usually called a hoax or an "Albanian virus".

There are worm-viruses. For example Magistr.B, the assembly
masterpiece from autumn 2001 was a worm-virus. It spread in
e-mails and over SMB LAN shares. It could also infect inside
files on the system and did encoding to destroy data. It was
damn hard to disinfect because of this.

I think the nature of Symbian.Commwarrior is not exactly
clear yet. But by considering the popularity of triple-cross
and pr0n content on the Net, a pink-factor driven MMS mobile
malware should have a bright future. People click when they
can't f*ck. Sex sells, as the saying goes.

It does make sense to run for the hills, because GSM signal
strength is weak or zero there so you won't become infected.

Sincerely: Tamas Feher.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/

