Mobile Virus Alert

Protecting your mobile phones

Over the past few months, there have been an increasing number of reports of malicious software (commonly known as malware) causing mobile devices to malfunction. Like its PC counterparts, this malware comes in many forms, for example worms, viruses and Trojan horses, and can be transmitted via Bluetooth or MMS.

At present, smartphones or PDA phones running Symbian Series 60, Series 80 and Windows CE operating systems tend to be more at risk than others. Here is a list of the makes and models of mobile phones that have been identified:


Nokia
: 6260, 6600, 6620, 6630, 6670, 6680, 7610, 9300, 9500
Panasonic
: X700, X800

The above is not a comprehensive list of mobile phones that may be affected. However, mobile phone owners should take the following precautions to safeguard their mobile phones:

  1. Install off-the-shelf anti-virus software on your mobile phone.
  2. Be cautious when you accept software applications via Bluetooth or MMS from an unknown source.
  3. Always turn off your Bluetooth setting when not in use. Only turn it on when you need to receive files from a known source.

List of Viruses

DoomBoot.A Trojan
A new Symbian Trojan called DoomBoot.A has been identified. DoomBoot.A is a Trojan that drops CommWarrior.B on the phone and is able to disrupt mobile phone functionality in a previously unknown way. It drops Symbian ETEL ROM binaries to the C:\ folder of the mobile device. The ROM binaries cause the function to fail at the next boot, and the device stays in an eternal reboot loop.

If your device is infected, do not reboot the device. Instead, go to the application manager and de-install the Trojan.

Onehop.A

It is the first Symbian Trojan that actually uses Bluetooth to send Trojans to other mobile phones. The file it sends is called Bootton.A, which is unable to spread.

Onehop.A causes an infected mobile phone to reboot when the user tries to use a system application, such as when accessing the phone menu. It sends copies to the first device it finds using Bluetooth. In its structure, Onehop.A is quite similar to the Skulls family of Trojans, with the exception that instead of replacing system files with corrupted binaries, Onehop.A uses applications to cause devices to reboot. Thus, if a device is infected with Onehop.A, pressing the menu button or any system application button will cause the mobile phone to reboot itself.

Onehop.A disables most of the critical system functions and third-party file managers, so that even if the mobile phone does not immediately reboot, it is still unusable until it is disinfected. In addition to disabling applications on the phone, Onehop.A uses a modified version of Cabir as the distribution component for SymbOS/Bootton.A. Once it finds a mobile phone via Bluetooth, and if the owner of that mobile phone accepts the connection, that phone will receive the Bootton.A file. The modified Cabir that Onehop.A uses infects the device, and since it is incapable of spreading, it will be detected as a component of Onehop.A and not as a separate malware.

Like Skulls.A, Onehop.A replaces the application icons with its own icon. This time, the icon is a heart with the text "I-Love-U".

CommWarrior
When a mobile phone is infected with the CommWarrior malware, the malware attempts to spread from the infected device using two methods:

  1. It randomly selects new targets from the phonebook and attempts to send copies of itself via Multimedia Messaging Service (MMS).
  2. It may also send a copy of itself to mobile devices that have a visible Bluetooth connection.

We have prepared some useful information for you and we hope we can prevent the spread of this malware together.

  • What are the effects of CommWarrior?
    Aside from spreading via Bluetooth to unknowing parties, CommWarrior also replicates itself via MMS which may lead to undue MMS charges.

    Infected devices must be reformatted and thus all phonebook contents and information will also be erased.
  • How to prevent your mobile device from being infected?
    The following are precautionary measures that you could observe:
    • Turn off the Bluetooth connection when it's not in use
    • Refrain from accepting or installing unidentified applications or services contained in Bluetooth or MMS messages
    • Update or back up your phone directory regularly 
  • What to do when your mobile device is infected with CommWarrior?
    When your Series 60 mobile device is infected, you could bring your phone down to the manufacturer for correction.

    For Nokia phones, you may reformat your phone by keying in *#7370#. If the command does not remove the malware, please contact Nokia or bring the phone to a Nokia Authorised Service Centre.

    Nokia Careline: 6822 8888

    Nokia Service Centres:
    • Nokia Suntec City: No. 3 Temasek Boulevard, Suntec City Mall, #01-136, Tower 3, Singapore 238880
    • Nokia Wheelock Place: 501 Orchard Road, Wheelock Place, #03-13/14, Singapore 238880
    • Nokia Century Square: 2 Tampines Central 5, Century Square Shopping Centre, #04-07/08
    • Nokia Parkway Parade: 80 Marine Parade Road, Parkway Parade, #B1-31/32
    • Nokia Causeway Point: 1 Woodlands Square, Causeway Point Shopping Centre, #03-24/26

    Note: Please remember to back up your contacts and other information before performing any of the procedures above.
  • What are Series 60 devices?
    Series 60 devices include:
    • Nokia 6680, 3230, 6670, 6630, N-Gage, 7610, 6600, 3600, 3650
  • For other devices, please refer to the respective manufacturer for more information.
Please visit www.nokia.com/security for more information.