Results 1 to 9 of 9
  1.    #1

    Published: January 24, 2005
    F-Secure Corporation
    Marcos Velasco's virus on a cellphone. If such messages, unknowingly, are answered positively, the virus is installed. Velasco, a 32-year-old Brazilian software developer, enjoys movies with special effects, maintains a vast collection of antique computers in his home and is the proud father of two young children and one mobile phone virus, which he named after himself: Velasco.

    Computer security experts around the world have given his virus and its variants more toxic-sounding names like "Lasco.A," "Symbos_Vlasco.A" or simply "the Lasco virus." They are also calling it stupid.

    "We think he's dangerous," said Mikko Hypponen, the director of antivirus research for a Finnish company, F-Secure, "because he publicly posts working mobile malware that any clown anywhere can easily download and use."

    Mr. Velasco's creation is essentially a piece of computer code that takes advantage of the short-range radio frequency technology called Bluetooth, which is installed on many common handheld devices, especially cellphones. If a person carrying an infected phone passes someone carrying a Bluetooth phone on the street, Mr. Velasco's worm can jump the gap, infecting the second phone.

    He does not spread the virus - technically a worm, according to some computer security experts, that has the ability to reproduce itself and does not need a host program - but he is evidently happy to share his work. "This worm for cellular phones is the first one with available source code in the world," his Web site declares.

    Whether anyone beyond antivirus researchers has downloaded Mr. Velasco's program is an unanswered question, and industry experts are careful to say that the age of the cellphone virus is not yet upon us.

    But Mr. Velasco's virus, which appears to do little harm, points not just to the inevitability of more virulent ones aimed at cellphones and other mobile devices, but also to a virus-writing subculture unfazed by multimillion-dollar bounties, international prosecution and an official inclination, after the attacks of September 2001, to characterize virus writers as terrorists.

    For Mr. Velasco - as with many virus enthusiasts who operate in a murky area of the law - the objective is not malice, but about testing theories, solving puzzles or just free expression. From his home in Volta Redonda, a steel-making city west of Rio de Janeiro, Mr. Velasco runs a small software development company, dotes on his collection of 104 aging computers (which he says he may open to the public one day), and dreams of writing a book on viruses.

    "Security, hacking and viruses are all hobbies to me," he said in an e-mail interview. "I like this area a lot."

    In the last few weeks, Mr. Velasco's worms have been cataloged in all the major encyclopedias maintained by antivirus companies - from Symantec in Cupertino, Calif., to the Kaspersky Lab in Moscow and Trend Micro, based in Tokyo. All classify the virus, like the four or five other known mobile viruses that have emerged over the last year, in the relatively benign "proof of concept" category, meaning that it is currently a low-level threat.

    Indeed, Mr. Velasco's worm carries no malicious payload. Still, it represents a significant improvement of sorts over what was largely viewed as the first cellphone virus, called Cabir, thought to have been developed last summer by an international virus-writing collective known as "29A."

    Cabir, which also took advantage of Bluetooth technology, was able to sniff out other active Bluetooth devices and, if it found one in the typical transmission range of about 11 yards, a user of the receiving device would see a cryptic installation message. If they unknowingly accepted, the virus would have successfully propagated. But Cabir was limited to one "jump" for each boot-up, not the most efficient way to spread.

    Mr. Velasco repaired that shortcoming and published the improved version on his Web site in December. Then he recompiled the source code to come up with more polished variations that could both exploit the Bluetooth protocol and burrow into a device's system files - waiting to be uploaded by other means, via memory cards or cable links, for instance. Then he posted those, too.

    "These are real viruses and they work well," Mr. Hypponen of F-Secure said. "Almost too well. Mr. Velasco's Cabirs are actually much more virulent than the original Cabirs made by 29A, and the Lasco.A virus by him is the first mobile phone virus infecting installation files."

    All the Cabir and Lasco variants aim at devices using a version of the Symbian operating system, which is collectively owned and licensed by companies including Nokia, Ericsson and Samsung. Symbian is one of the three major platforms, along with Microsoft's PocketPC and the PalmSource OS, now competing for dominance in the mobile market.

    Until recently, the much-discussed but little-seen mobile phone virus had been hampered by the relatively small market penetration of truly "smart" devices - less than 5 percent of the mobile market over all, according to the research firm Canalys. Smart devices are those that marry data-rich (and virus-vulnerable) services like Web browsing, scheduling, e-mail and text messaging, as well as plain old phone service. And the variety of platforms and interfaces running on these machines has thus far rendered them something of a moving target for would-be writers of malicious code.

    "Today, everything is still sort of scattered across Symbian, Blackberry, Palm, PocketPC," said John Pescatore, an Internet security analyst at Gartner, which advises companies on the global information technology industry. "One virus can't possibly hit all the phones; not even 20 percent of the phones."

    But Symbian-based devices made big gains in the mobile market in 2004, according to data compiled by Canalys. In the third quarter of 2003, the three major platforms each made up about a third of all smart mobile shipments. In the 2004 quarter, Symbian-based devices grew to half of all new shipments. And on Wednesday, Symbian announced its entry, along with PalmSource, into the Open Mobile Terminal Platform group, an organization of mobile phone operators that seeks to bring more interoperability and consistency to the forest of mobile devices on the market.

    These are the kinds of preconditions - market penetration, uniformity - that, according to Mr. Pescatore, will be needed to pique the interest of would-be scammers, hackers and virus writers. And in that sense, Mr. Velasco's exploits are something of an early object lesson.

    "We've told our enterprises," Mr. Pescatore said, "that 2005 is the year to start planning how to prevent this," adding that the real threat will come if virus technicians figure a way to reliably deliver payloads not via the short-distance radio frequencies used by Bluetooth, but by raining them down through the cellular networks. "That would be a much bigger problem, and a much harder solution," he said.

    For now, though, the problem is only about as big as Mr. Velasco - though for many, that is big enough.

    Other antivirus companies that have downloaded Mr. Velasco's creation and tested it in their labs corroborate the basic functioning of the worm. And while they, too, see it as a relatively benign bit of code in its own right, it suggests the potential for more aggressive worms that might destroy or steal data, generate hidden and expensive phone calls, or render a mobile device inoperable.

    "It's not healthy for anyone to do this sort of thing," said Todd Thiemann, director of device security marketing at Trend Micro. "We need to be measured and not say the sky is falling. But this signals that this is what is possible. That's the real risk from this publication."

    All the major antivirus vendors offer an inoculation for the Lasco virus on their Web sites - as does Mr. Velasco himself. And for those inclined to worry if their phones might catch a strain of the Velasco flu from infected passers-by, the advice is simple: keep your Bluetooth service disabled until you need it, and do not accept any unknown offers to install anything.

    "It's all fairly common-sense stuff," said Keith Nowak, a spokesman for Nokia, who said that representatives of the company in Brazil were aware of Mr. Velasco's Web site and that they were planning to contact him - gently.

    "We're not into strong-arm tactics," Mr. Nowak said. "And we don't want to get in the way of the free exchange of ideas. But with malware, in the spirit of open communication, we might get in touch and say, 'Hey, this isn't a good thing.' "

    Still, if Mr. Velasco is not much intimidated by Microsoft's $5 million bounty on the heads of several prominent virus writers, which the company began offering in 2003, nor by the arrest of several worm code writers last year - including Sven Jaschan, a German suspected of launching the disruptive Sasser and Netsky worms - it seems unlikely that he will respond to gentle prodding.

    "I don't publish viruses to cause a panic," he said. "I only publish to spread knowledge."

    And he added, "I don't think knowledge should be punished."

  2. #2  
    I'm not worried. I ALWAYS keep my Treo not discoverable if I'm not using Bluetooth and I usually keep the Bluetooth off when not in use just in case.
  3. #3  
    ALWAYS is an impossible word. You should try 'usually' or 'most of the time'.

    -your friendly ethical hacker
  4. #4  
    Won't it have to be a palm app to do anything? since most bluetooth phones are not palm, it should not make a difference (most of the time, thanks knumnuts)

    Newton->Visor Deluxe->Visor Prism->Treo 300->Treo 600->Treo 650->Treo 755p->Touch Pro->Palm Pre!
  5. #5  
    This has been around quite a while. Also, even if you have bluetooth turned off, you really are still able to receive signals (certain phones only).

    That said, this is not possible to run on the Treo in stock form... Don't worry it it, be more worried about people stealing your contact info...
  6. #6  
    Quote Originally Posted by shadowmite
    ... be more worried about people stealing your contact info...
    Please elaberate. Can my contacts be stollen via BT? How llong would it take to transfer a contact database via BT? Does BT have to be on? Does the Teo need to be on? Etc?
  7. #7  
    Quote Originally Posted by knumnuts
    ALWAYS is an impossible word. You should try 'usually' or 'most of the time'.

    -your friendly ethical hacker
    Well I never said I was invulnerable from an attack.
  8. Doomer's Avatar
    33 Posts
    Global Posts
    36 Global Posts
    On a recent G4TechTV show, there was some folks from Flexilis that demonstated bluetooth 'snarfing' from 1.08 miles away. As part of the demonstration, they liberated the contacts list from a Nokia 6310i. Pretty impressive and a real eye opener when it comes to Cell Security.

    Now I tend to keep my BT off, most of the time.

    Here's the story:

    Bluetooth Attack!
  9. #9  
    Quote Originally Posted by Doomer
    On a recent G4TechTV show, there was some folks from Flexilis that demonstated bluetooth 'snarfing' from 1.08 miles away. As part of the demonstration, they liberated the contacts list from a Nokia 6310i. Pretty impressive and a real eye opener when it comes to Cell Security.

    Now I tend to keep my BT off, most of the time.

    Here's the story:

    Bluetooth Attack!

    Yes most of the old phones with bluetooth are venrable for snarfing and bluebug. Some Nokia phones can even be discovered when bluetooth is turned off. (Nokia 6310i, 6310, 8910, 8910i, Sony Ericsson T610, T68i).

    Most people may have heard of bluejacking, which is harmless compared to bluebug. If used properly hacker can send sms, divert calls, use data services even monitor victem's calls from anywhere in the world, which can be used to indentity theft scams.

Posting Permissions