Trojan SymbOS/MerogoSMS Worms

Posted by admin on 5/Apr/2010 in Security Alert Log, Trojans | 0 comments

Known as Trojan SymbOS/MerogoSMS worms are currently attempting to spread on Symbian Series 60 3rd Edition devices. Symbian is the most common smartphone operating system in use.

They spread by sending text messages to other phones. The SMS contains a variable message in Chinese with a link to a web site. If  followed the user is prompted to install an application thereby infecting the phone and restarting the whole process of propagation via SMS. These worms appear to have the capability of sending messages to expensive premium-rate numbers.

Here’s the Clever Bit

As unsigned software can not be directly installed on Symbian Series 60 3rd Edition devices by default the installation package for this worm has indeed gone through the Symbian Signing process. According to sources they were submitted using Symbians express signing mechanism. The signed installation files contain additional unsigned SISX files which the host installer deploys. this type of mechanism makes it hard for certification systems to get a complete understanding of what the program being signed really does.

Does Symbian Revoking the Publisher ID Fix the Problem for Everyone?

Symbian Foundation has revoked the publisher ID that was allocated for these packages. But does that automatically fix the problem? No. Another step is needed.

Usually S60 phones are not configured by default to check for certification revocation. This is understandable. If hardware vendors were configuring phones to make data connections by default it would customer service nightmares for the carriers. Hardware vendors just can’t assume that customers will buy data plans so the certification check is off by default.

If you have an S60 phone and a data plan then you should adjust your Application Manager settings as shown below.

A Current Affair Report on SMS Security Scare Followup – Victims

Posted by admin on 6/Nov/2009 in Security Alert Log | 0 comments

Last evening the Australian TV show “A Current Affair” had a segment following up with some victims who had been adversely affected by senders of SMS messages to faking their “Sender” details using readily available software.

(more…)

CellTrust Corp. Commences Operations with CellTrust Australia, Pty Ltd. To Provide Secure SMS and Mobile Marketing to Australia and New Zealand

Posted by admin on 5/Jun/2009 in Application Watch | 1 comment

U.S.-based CellTrust, the Secure SMS Messaging Leader, Establishes a Franchisee as Distribution Network on the Australian Continent.

Scottsdale, AZ, USA and Australia – June 3, 2009 – CellTrustCorporation, a U.S.-based provider of leading-edge secure mobile messaging and applications (www.CellTrust.com) announced its expansion into Australia and New Zealand with the establishment of CellTrust Australia (www.CellTrust.com.au).  The franchisee will operate from its headquarters in Sydney, Australia led by Managing Director Nick Goritsas, marketing veteran and entrepreneur who founded the successful Ontarget Group of companies, which specialise in Data Mining, Direct Mail Marketing and Product Fulfilment.

CellTrust Australia’s customer base will benefit from CellTrust’s award winning SecureSMS Gateway, enabling businesses to exchange critical information with customers using mobile devices in a trusted environment.  SecureSMS has additional advantages over standard SMS, such as delivery, read, and receipt confirmation. CellTrust SecureSMS provides end-to-end privacy on the mobile device via a highly encrypted, tamper-proof process. The sender can see the icons actually change on their phone as messages are sent, received and opened by the recipient. The solution also increases the SMS size limit from 160 characters to 5000. A remote wipe functionality that ensures users can wipe the handset if it is lost or stolen adds another critical layer of security. Additional features that will soon be available on CellTrust SecureSMS will include 2D barcodes, client-less Secure SMS, as well as a dynamic menu system for mobile banking and mobile payments.

“The introduction of 3G mobile technology to the Australian market is driving economic growth and helping to transform businesses and services to communities previously underserved due to the limitations of broadband” said Nick Goritsas, Managing Director, CellTrust Australia. “With the proliferation of mobile data and the exchange of sensitive information across education, healthcare, government and financial sectors, CellTrust’s secure mobile applications and global gateway are well-positioned to meet market demands.” (more…)

Symbian trojan that locks your mobile phones MMC card

Posted by admin on 5/Jun/2009 in Trojans | 0 comments

F-Secure have a post that goes back nearly four years outlining the first known trojan to attack phones MMC card. SymbOS/Cardblock.A is a Symbian trojan that used a phones MMC card in trying to get users PC infected with Win32 malware, but Cardblock.A is the first one that actually attacks the MMC card itself. (more…)

Yep, Apparently You Can Rob Banks with your Nokia 1100!

Posted by admin on 22/May/2009 in Security Alert Log | 0 comments

I was emailed a link to an article from one of our readers this morning confirming that yep you can rob banks with your Nokia 1100. Now I might be sensationalising things a little bit with my post, but read the full article posted on PCworld and you’ll realise that this is serious stuff.

Now if you were using SecureSMS from Celltrust to communicate with your bank or something similar issues like this could more than likely be avoided.

Rob Banks With Your Nokia 1100 – Forget the Getaway Car and Gun!

Posted by admin on 21/Apr/2009 in Security Alert Log | 2 comments

Loads of European banks provide their mobile banking customers with a list of sequential numbers and random requested checksums on a pice of paper or card. Without access to this physical list an attacker might be able to gain access to the banks online GUI but won’t be able to complete a fund transaction. This is a fairly secure method but carrying the piece of paper or card can be a bit cumbersome.

So think about it for a second, what’s more convenient and is always with you? Yep, your mobile phone. (more…)