Antivirus experts have found a virus that can move from mobile phones to computers, but analysts say the bug is neither very dangerous nor very sophisticated.
The Trojan, called CARDTRP.A or Sybos/Cardtrap.A by different antivirus vendors, is rated as a low risk by Trend Micro. F-Secure calls it “unremarkable” except that it runs on the mobile phone OS Symbian and will try to infect a PC if the phone’s memory card is plugged into it.
‘Old Hat’
“The only thing new that it does is ineffectively try to spread to the PC from the phone — this is new behavior for phone malware but old hat for traditional malware. The IIS/sadmind worm, for example, spread to both Solaris and IIS,” Ed Moyle, president, SecurityCurve, told TechNewsWorld. “So, it’s not really new or innovative in itself — it does, however, apply old concepts in a new way.”
Moyle said the Trojan was almost exactly like Cabir, another Symbian virus, and unlikely to do much harm.
“I don’t think it’s dangerous in and of itself, and I don’t think it necessarily signals a trend to come,” he said. “From an originality perspective, I’m not impressed by this virus either.”
Expected Development
Peter Firstbrook, research director, Gartner, agreed with Moyle that Cardtrp is nothing new.
“The only difference I noticed was that it drops win 32 malware in the memory card to infect PCs. That is a new channel for malware to infect PCs, but it is not unanticipated that phones would be a vector for PC infection,” he said.
If the memory card successfully copies the malware, Win32/Padobot.Z and Win32/Rays, onto a PC, the Trojans will attempt to start up in autorun, but F-Secure points out that under most circumstances, Windows will not allow that.
Moyle said that it wouldn’t have been difficult for a malware writer to find and alter Cabir.
“Functional source code for a large amount of existing malware can be found on the Internet, so it’s pretty easy for someone to cut and paste from existing malware or to just look to existing malware for example purposes,” he said. “The addition of new malware functionality, particularly functionality that leverages a commonly used feature of the underlying platform such as writing files to a memory card, is also pretty easy.”