First SMS Worm Crawling out of China

New research from Antivirus firm F-Secure has stumbled across the first SMS worm in the wild.  Currently known as the “Yxe”, ” Sexy Space”, or ” Sexy View” the worm targets cellular phones running the Symbian based OS, which accounts for 49% of the smartphone market.  Infection occurs when a user follows a link to a malicious website from within a SMS message.  The message will appear to come from someone you know since the worm spreads by sending out new SMS messages to everyone stored in the address book of the infected phone – all text messaging fees incurred in generating the new traffic also apply.  In addition to spreading, the worm also captures  information from the infected phone and sends it away, including the IMEI number of the phone.

When the malicious link is followed the user will automatically receive a SIS installation package, which will display the prompt: “Install Sexy Space? Yes or No.”  The package that is received is actually a “signed” package, which prevents any security warnings from being displayed on the phone. It is believed that the virus writer submitted the malware through the “Express Signing” procedure, where most applications are not inspected by humans.  Although Symbian has now revoked these signatures it will take some time for the propagation to occur.

Although the infection is currently limited to China and the Middle East, if your company currently utilizes Symbian based smartphones it might warrant further investigation.  More information about the virus and how to manually revoke these certificates can be found on the F-Secure site.