16-05-2010, 07:49 PM
Mobile Viruses and Worms
Presented By:
Amit Kumar Jain
Amogh Asgekar
Jeevan Chalke
Manoj Kumar
Ramdas Rao
Outline
Introduction
Classification
Threats posed by mobile worms and viruses
Case Studies
Futuristic Threats
Protective Measures
Introduction
What is a Mobile Virus
Mobile: pertaining to mobile devices
cell phones, smart phones, PDAs, ...
Mobile Virus vs. Computer Virus
Mobile Malware:
Malware: Malicious Software
All kinds of unwanted malicious software
Differences with PC
Although similar OSes are being used, differences exist:
Users of mobiles are less tech literate
Implies that it is difficult to roll out security patches to phones already sold
Mobiles are always connected and switched on
Environment keeps changing
Imagine one infected phone in a stadium full of people
Differences...
On the positive side:
Several variants of phones exist
A malware for one type of phone may not necessarily be able to infect others
E.g., a virus that uses an MMS exploit cannot infect a phone that does not have that facility at all
Mobile malware not yet causing critical harm
At most
they increase the user's billing, or
cause the mobile phone to stop working (can be restored by a factory reset)
Classification of Mobile Worms and Viruses
Classification
Behavior
Virus
Worm
Trojan
Environment
Operating System
Vulnerable Application
Family name and Variant identifier
Classification (examples)
Mobile Virus Families
Current threats by mobile malware
For financial gain / loss
Unnecessary calls / SMS / MMS
Send and sell private information
Cause phones to work slowly or crash
Wipe out contact books and other information on the phone
Remote control of the phone
Install false applications
Case Studies
Case Study - CABIR
First mobile worm
Only as Proof-Of-Concept
Spread vector - Bluetooth
Infected file - caribe.sis
15 new variants exist
Case Study - ComWar
Second landmark in mobile worms
Spread vector - Bluetooth and MMS
Large spread area due to MMS
Not as proof of concept - Intention to harm by charging the mobile user
Multiple variants detected
Case Study - CardTrap
First cross-over mobile virus found
Can migrate from mobile to PC
Propagates as infected mobile application as well as Windows worm
2 variants found - Both install with legitimate applications - Black Symbian and Camcorder Pro
Futuristic Threats
Futuristic Developments
Location Tracking
Camera and Microphone Bug
Leaking Sensitive Information
DDOS attack on Mobile Service Provider
Protective Measures
Securing against attacks
System level security
MOSES
Network Level Security
Proactive approach
MOSES
MObile SEcurity processing System
Ravi (2005)
Two levels of defenses - Hardware and Software
Hardware - Application Fencing
Software - Encryption
MOSES
Secure boot and run-time memory protection
prevents software (virus) and physical (code modification) attacks
Provides crypto functions and meets performance and power targets
Provides protection to any sensitive data or cryptographic keys against common attacks
Proactive Approach
Paper by Bose, Shin
Reduce the impact of an attack
Generate Behavior Vectors
Form Behavioral Clusters
Virus Throttling Algorithm
Quarantine
Questions
References
Kaspersky Labs' Report on Mobile Viruses (September 2006)
http://viruslisten/analysispubid=198981193
http://viruslisten/analysispubid=200119916
http://viruslisten/analysispubid=201225789
Bluetooth vulnerabilities
Haataja, K., Two practical attacks against Bluetooth security using new enhanced implementations of security analysis tools, CNIS 2005, Arizona, USA, November 14-16, 2005.
http://thebunkersecurity/bluetooth.htm
http://darknet.org.uk/2006/02/locate-any...k-via-sms/
Protective Measures:
MOSES: http://princeton.edu/~sravi/security.htm
Bose, Shin, Proactive Security for Mobile Messaging Networks, WiSe '06, September 29, 2006.
Thank You
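
Added example (not from the slides or from the Bose and Shin paper): a sketch of the throttling and quarantine steps listed under Proactive Approach, applied to outgoing messages. It assumes a generic working-set rate limiter; the class name, parameters and sample traffic are constructed for illustration.

```python
from collections import deque

class MessageThrottle:
    """Delay messages to recipients outside a small working set of recent contacts."""

    def __init__(self, working_set_size=4, quarantine_threshold=5):
        self.recent = deque(maxlen=working_set_size)  # recently contacted recipients
        self.delayed = deque()                        # held messages to new recipients
        self.threshold = quarantine_threshold         # backlog size that triggers quarantine
        self.quarantined = False

    def send(self, recipient):
        """Return 'sent', 'delayed' or 'blocked' for one outgoing message."""
        if self.quarantined:
            return "blocked"
        if recipient in self.recent:
            return "sent"                  # known contact: no delay
        self.delayed.append(recipient)
        if len(self.delayed) > self.threshold:
            self.quarantined = True        # a burst of new recipients looks like a worm
            self.delayed.clear()           # held messages are never delivered
            return "blocked"
        return "delayed"

    def tick(self):
        """Once per time unit, release at most one held message."""
        if self.quarantined or not self.delayed:
            return None
        recipient = self.delayed.popleft()
        self.recent.append(recipient)      # oldest contact drops out automatically
        return recipient

def simulate(traffic, **kwargs):
    """traffic: one list of recipients per time unit. Returns (delivered, quarantined)."""
    throttle, delivered = MessageThrottle(**kwargs), []
    for batch in traffic:
        delivered += [r for r in batch if throttle.send(r) == "sent"]
        released = throttle.tick()
        if released is not None:
            delivered.append(released)
    return delivered, throttle.quarantined

# Constructed sample traffic: a normal user, and a worm mailing the whole address book.
NORMAL = [["alice"], ["alice", "bob"], ["bob"], ["alice"]]
WORM = [[f"contact-{i}" for i in range(10)]]

if __name__ == "__main__":
    print(simulate(NORMAL))   # everything delivered, no quarantine
    print(simulate(WORM))     # nothing delivered, device quarantined
```

Normal traffic is delayed by at most one time unit per new contact, while the burst to ten new recipients trips the quarantine before any message leaves the device.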