An updated variant of the Skulls Trojan horse comes disguised as a new version of the Macromedia Flash player to fool users of mobile phones running the Symbian operating system.
Skulls.D disables applications needed to remove it, drops the Cabir.M worm onto phones and informs users that they have been infected by displaying a full-screen flashing skull. Infected users are also unable to browse their file system or install new programs, forcing them to reset their phone to its default factory conditions.
Those most likely to be hit are users who like to download new software either from Symbian freeware sites or peer-to-peer networks, according to Mikko Hypponen, director of anti-virus research at F-Secure. "Users who are really at risk are those looking for pirated software," he said.
The Cabir.M worm overwrites all short-range Bluetooth radio applications so that infected handsets, once booted, constantly scan for other Bluetooth-enabled devices and send a corrupt file.
Users are asked if they want to install the file. If they accept, the Bluetooth applications on their phones are immediately overwritten, and their handsets then attempt to pass on the file to other Bluetooth devices in the vicinity.
"Most people find out that they've been affected by the Cabir worm when the battery life of the phones falls dramatically, to about a half day instead of the average three days," Hypponen said. He also denied suggestions that reports of such mobile worms were limited only to anti-virus companies and hadn't been seen in public. "Most of the cases we have come across are from real users in the field," Hypponen promised.
Hypponen said that although malicious programs aimed at new smart phones are not yet huge problem, "they are a problem, and they're going to get a whole lot worse".