10-03-2011, 12:52 PM
Presented by:
Amit Kumar Jain
Amogh Asgekar
Jeevan Chalke
Manoj Kumar
Ramdas Rao
Mobile Viruses and Worms
Introduction
What is a Mobile Virus?
– “Mobile” : pertaining to mobile devices
• cell phones, smart phones, PDAs, ...
Mobile Virus vs. Computer Virus
Mobile Malware:
– “Malware”: Malicious Software
– All kinds of unwanted malicious software
Differences with PC
Although similar OSes are being used, differences exist:
Users of mobiles are less “tech literate”
Implies that it is difficult to “roll out security patches” to phones already sold
Mobiles are always “connected” and switched on
“Environment” keeps changing
Imagine one infected phone in a stadium full of people
Differences...
On the positive side:
Several variants of phones exist
A malware for one type of phone may not necessarily be able to infect others
E.g., A virus that uses an MMS exploit cannot infect a phone that does not have that facility at all
Mobile malware not yet causing critical harm
At most
they increase the user's billing, or
cause the mobile phone to stop working (can be restored by a factory reset)
Classification of Mobile Worms and Viruses
• Classification
Behavior
Virus
Worm
Trojan
Environment
Operating System
Vulnerable Application
Family name and Variant identifier
• Classification (examples)
• Mobile Virus Families
• Current threats by mobile malware
For financial gain / loss
Unnecessary calls / SMS / MMS
Send and sell private information
Cause phones to work slowly or crash
Wipe out contact books and other information on the phone
Remote control of the phone
Install “false” applications
• Case Studies
• Case Study – CABIR
First mobile worm
Only as Proof-Of-Concept
Spread vector – Bluetooth
Infected file – caribe.sis
15 new variants exist
• Case Study - ComWar
Second landmark in mobile worms
Spread vector - Bluetooth and MMS
Large spread area due to MMS
Not as proof of concept – Intention to harm by charging the mobile user
Multiple variants detected
• Case Study - CardTrap
First cross-over mobile virus found
Can migrate from mobile to PC
Propagates as an infected mobile application as well as a Windows worm
2 variants found – Both install with legitimate applications – Black Symbian and Camcorder Pro
• Futuristic Threats
• Futuristic Developments
Location Tracking
Camera and Microphone Bug
Leaking Sensitive Information
DDoS attack on Mobile Service Provider
• Protective Measures
• Securing against attacks
System level security
MOSES
Network Level Security
Proactive approach
• MOSES
MObile SEcurity processing System
– Ravi (2005)
Two levels of defenses – Hardware and Software
Hardware – Application Fencing
Software – Encryption
• MOSES
• Secure boot and run-time memory protection
– prevents software (virus) and physical (code modification) attacks
• Provides crypto functions and meets performance and power targets
• Provides protection to any sensitive data or cryptographic keys against common attacks
• Proactive Approach
Paper by Bose, Shin
Reduce the impact of an attack
Generate Behavior Vectors
Form Behavioral Clusters
• Proactive Approach
Virus Throttling Algorithm
Quarantine