Mobile Malware: Threats and Prevention (part 2)
Which Features Are Most at Risk?
1. Text messages
Windows Mobile provides a development API whose main functions are sending and blocking messages. Viruses or other malware can use these functions to steal your private information and potentially wreak havoc on your life and finances.

Researchers at McAfee Avert Labs have observed examples of SMS (short message service) phishing (also known as SMiShing), which seems to be on the rise. One example is malware that uses the text-messaging APIs to send fake messages to people on your contact list. This is similar to email spoofing, but this type of phishing has an even higher likelihood of success because of the victims’ lack of awareness of this type of threat. If we trust an incoming message based solely on its telephone number, then we are vulnerable to anyone in our contact list who has been infected by malware, which can easily send spoofed messages. Users will find it hard to tell if the SMS is malicious.

Malware can also use text message APIs to charge cell phone fees through the SMS payment gateway. In one example, Java-enabled mobile phones, including those using Nokia S60 and Windows Mobile platforms, have already been victimized by this threat. This Trojan horse sends special text messages to a Russian service provider and deducts the users’ prepaid cell phone fees. It’s reasonable to assume similar attacks will occur against Windows Mobile devices as these devices become more popular.

Unfortunately, the breadth of the Windows Mobile platform leaves other opportunities for mischief. According to the Windows Mobile Software Development Kit, an application developer could write code using the sample code MapiRule and load it to implement text message blocking. Because Microsoft already provides a MapiRule framework in the SDK, all that a developer has to do is modify it a bit for use as a DLL. The figure below shows the short message handling process before and after MapiRule has been installed. After installation, MapiRule becomes a filter between short messages and the tmail (text mail) mail program. So, a programmer could interrupt the short message handling process by deleting or forwarding messages, or by performing other operations while acting as the man in the middle. Malware could use this feature to install a DLL in the user’s phone to block the short message and disturb normal communication, give responses to messages, or forward messages. If SMS were used for corporate communications, this would create an avenue for intercepting corporate data.
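
An added example, not code from the original article: a defender-side check over a handset's sent-message log for the two outbound abuses described in this section, one message fanned out to many contacts and SMS sent to a billing short code. The log layout, the thresholds and the short-code rule (digits only, at most six) are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of a handset's sent-message log: (timestamp, recipient, body).
# The log format, numbers and bodies are invented for this example.
SENT_LOG = [
    ("2008-03-01 09:00:05", "+15550100", "Running late, see you at 10"),
    ("2008-03-01 09:14:00", "+15550101", "Check this out http://example.invalid/a"),
    ("2008-03-01 09:14:02", "+15550102", "Check this out http://example.invalid/a"),
    ("2008-03-01 09:14:03", "+15550103", "Check this out http://example.invalid/a"),
    ("2008-03-01 09:14:05", "+15550104", "Check this out http://example.invalid/a"),
    ("2008-03-01 11:30:00", "7781", "PAY 4471"),
    ("2008-03-01 11:30:40", "7781", "PAY 4472"),
]

def is_short_code(number, max_digits=6):
    """Assumed rule: a billing short code has no '+' prefix and at most six digits."""
    return number.isdigit() and len(number) <= max_digits

def find_fanout(log, min_recipients=3, window=timedelta(seconds=60)):
    """Return bodies sent unchanged to >= min_recipients distinct numbers within `window`."""
    by_body = defaultdict(list)
    for ts, to, body in log:
        by_body[body].append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), to))
    hits = {}
    for body, sends in by_body.items():
        sends.sort()
        start = 0
        for end in range(len(sends)):
            # Slide the window start forward until it spans at most `window`.
            while sends[end][0] - sends[start][0] > window:
                start += 1
            recipients = {to for _, to in sends[start:end + 1]}
            if len(recipients) >= min_recipients:
                hits[body] = sorted(recipients | set(hits.get(body, [])))
    return hits

def find_paid_sms(log):
    """Count messages sent to each short code; each one may carry a charge."""
    counts = defaultdict(int)
    for _, to, _ in log:
        if is_short_code(to):
            counts[to] += 1
    return dict(counts)
```

A human typing messages rarely sends the same text to several contacts within seconds, so the fan-out threshold can stay low; short-code hits are best reviewed against the services the user knowingly subscribed to.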