Could Sexy View SMS worm build the first mobile botnet?

By Davey Winder
Friday, 20 February 2009 14:05

Market

Watch out mobile phone users, a new worm is in the wild and spreading via text message.  Worryingly, security experts warn it could be building the world's first mobile botnet.

Although, as iTWire has reported, the worm of the moment is still most certainly Conficker that does not mean it is alone in the wild.

61 percent of the global population, or around 4 billion subscribers, now use mobile phones according to recent reports. There will also soon enough be 300 million smartphones in the mix according to Juniper Research.

So it should come as no surprise that the bad guys are paying close attention to the mobile malware market. Symbian OS based worms are nothing new but they rarely escape into the wild and cause real concern amongst security researchers.

Not so SymbOS/Yxes.A!worm which has, rather unsurprisingly, been given a much snappier name to remember it by: Sexy View.

According to Fortinet’s FortiGuard Global Security Research Team  Sexy View is in the wild and is using a breakthrough propagation strategy: SMS.

Researchers reckon it is spreading in the wild and targeting SymbianOS S60 3rd Edition handsets such as the Nokia 3250, and has also been spotted on the Nokia N73. Sexy View comes complete with a valid certificate signed by Symbian enabling it to install without hassle on factory mobile devices running the S60 3rd Edition OS.

Sexy View grabs phone numbers from an infected handset and then sends text messages to them complete with a malicious link to download a new copy of the worm via the web. It also gathers data such as handset serial number and phone number which are posted to a remote server. The reasons remains unknown at this time.

Guillaume Lovet, senior manager of Fortinet's Threat Research Team, says that the worm can mutate easily due to the worm being hosted on a web server and warns "We're really at the edge of a mobile botnet here."