First MMS-spread virus found in the wild

Mar 08, 2005: The world’s first MMS-spread mobile phone virus called Commwarrior, which also attempts to replicate through Bluetooth wireless technology, has been detected in the wild.

The threat of mobile phone viruses increased yesterday with the revelation of a mobile phone virus called Commwarrior, which has the potential to spread globally through MMS (Multimedia Messaging Service). In addition, the virus can replicate locally through Bluetooth wireless technology – the means by which mobile viruses like Cabir and its variants have thus far been spreading. In this manner, it speeds up the draining of the phone’s battery.

The first indication of Commwarrior was made already in January in a Serbian discussion forum warning of a virus spreading among Symbian Series 60 platform phones by randomly sending MMS messages automatically to an infected phone’s contacts list. MMS text messages can include an image, audio or video elements. Commwarrior sends MMS messages to the contacts in the phone's address book.

By so doing, the virus has the potential to spread globally. So far, however, it has failed to do so and is replicating slowly – an anomaly being carefully investigated by the F-Secure Anti Virus Research Team. First indications suggest that the virus is Russian in origin, as it contains text that says "OTMOP03KAM HET!" which roughly translates as "No to braindeads".

Speaking about the new mobile threat, F-Secure’s Director for Mobile Operator Solutions, Antti Vihavainen said: "The situation is not critical since we have not received a lot of reports from our customers. However, CommWarrior creates unwanted billing for the owners of infected phones by sending MMS messages without user interaction," adding: "The phones can be easily protected by using common sense. None of today's mobile viruses can install themselves without the user accepting the standard security warnings."

F-Secure Mobile AntiVirus can already detect Commwarrior – an update which was made within two hours of its detection. In the event that a user’s Symbian Series 60 phone is not running the F-Secure client, it is advisable not to install unknown applications arriving in MMS messages and keep Bluetooth in undiscoverable mode.

About F-Secure Corporation

F-Secure Corporation is the fastest growing publicly listed company globally in the antivirus and intrusion prevention industry with more than 50% revenue growth in 2004. F-Secure services and software protect individuals and businesses against computer viruses and other threats coming through the Internet or mobile networks. Our award-winning solutions include antivirus and desktop firewall with intrusion prevention, antispam and antispyware solutions. Our key strength is our proven speed of response to new threats. For businesses our solutions feature a centrally managed and well integrated suite of solutions for workstations and servers alike. Focused partners offer security as a service for those companies that do not wish to build security expertise in-house. Founded in 1988, F-Secure has been listed on the Helsinki Exchanges since 1999. We have our headquarters in Helsinki, Finland, and offices in USA, France, Germany, Italy, Sweden, the United Kingdom and Japan. F-Secure is supported by a global ecosystem of service partners, value added resellers and distributors in over 50 countries. F-Secure protection is also available through mobile handset manufacturers such as Nokia and as a service through major Internet Service Providers, such as Deutsche Telekom, France Telecom and Charter Communications. The latest real-time virus threat scenario news are available at the F-Secure Antivirus Research Team weblog at http://www.f-secure.com/weblog/

For more information, please contact:

F-Secure Corporation
Antti Vihavainen, Director, Mobile Operator Solutions
Tel. +358 (0)9 2520 5357
Mobile +358 (0)40 523 3880
Email: antti.vihavainen@f-secure.com