The Symbian Foundation has been left with egg on its face after accidentally sanctioning what experts are calling the first text message worm in history.

James Middleton

July 20, 2009

2 Min Read
Symbian accidentally certifies worm
Security vendors claim Regin comes from either the US or UK governments

The Symbian Foundation has been left with egg on its face after accidentally sanctioning what experts are calling the first text message worm in history.

A worm, known variously as Yxe, Sexy Space, or Sexy View, has been spotted in the wild attacking smartphone users in China.

According to virus experts at Finnish security firm F-Secure, the worm was written in China and managed to sneak through Symbian’s validation procedure, winning protection as a ‘Symbian signed’ app.

This means the worm will be installed without security warnings and offers just one innocuous prompt to the user during installation. Once installed, the worm sends a text message to every contact in the phone’s address book containing a link to a web page that hosts the worm installation file in SIS form. Of course, the user also pays the price of each and every text message the worm sends out from the infected handset.

F-Secure’s head of research, Mikko Hypponen, reckons that the worm author wrote the program with the intention of avoiding F-Secure’s virus scanner as this is the one Symbian uses to check applications before signing them. The worm author also submitted the application via the Express Signing procedure where only spot checks are carried out by humans, F-Secure said, which probably resulted in the app getting signed.

The malware is also known to send information about the infected phone, such as the device’s IMEI number, on to another location.

At present there have only bee reports of the virus in China and the Middle East, although the potential for more widespread infection is significant seeing as the worm affects S60 third generation phones, such as the Nokia N95.

Symbian has since revoked the app’s certificate, but because the platform does not check to see whether a certificate has been revoked every time the worm is activated.

Last week the Symbian Foundation announced an application publishing programme that will see it attempt to bridge the gap between developers and application stores. Dubbed Symbian Horizon, the new initiative was described by Symbian’s Sean Puckrin, who is leading the programme, as equivalent to a record label in the music business.

The aim of Horizon is to offer a range of services to developers to help them get Symbian friendly versions of their applications into various stores.

About the Author(s)

James Middleton

James Middleton is managing editor of telecoms.com | Follow him @telecomsjames

You May Also Like