Virus May Signal First 'Zombie' Cell Phone Network

Infected Phones Could Carry Out Attacks Without Owners' Knowledge

By JIM GILES

July 18, 2009

For the first time criminal hackers may have succeeded in creating a network of "zombie" cellphones, infected without the owners' knowledge with software that can be used to send spam or carry out cyber attacks.

Botnets, as such networks are known, are usually made up of infected personal computers and are used to make money from spam or extortion. Millions of machines worldwide are secretly running botnet software and it has been estimated that one in four US personal computers is part of a botnet.

No botnet has ever been discovered running on mobile devices – until now, that is. Security firm Symantec, headquartered in Cupertino, California, says that a piece of software known as Sexy Space may be the first case.

Unsafe Sex Message

Sexy Space uses text messages reading "A very sexy girl, Try it now!" to jump between phones. The messages contain a link that, when clicked, asks the user to download software which, once installed, sends the same message to contacts stored in the phone.

Similar SMS viruses have been seen before. But Sexy Space is unusual in that it also communicates with a central server and can thus be controlled by the hackers who created it – the feature that gives conventional botnets their power. If the network of infected phones is seen to be responding to remote commands, it can be described as a true botnet.

Zulfikar Ramzan, Symantec's technical director of security response, notes that it is not yet clear how Sexy Space will use the connection to the central server. "But this has all the makings of a mobile botnet," he says.

Network Threat

"As PC botnets go it's unsophisticated," adds Ben Feinstein of SecureWorks, a computer security firm based in Atlanta, Georgia. "But it's a new development in the world of mobile malware."

Mobile botnets would pose entirely new security threats, says Feinstein. For example, researchers have shown that one could disable parts of the mobile phone network by flooding it with text messages.

iPhone Could Spy on IT Infrastructure

Infected devices could also be used to infiltrate computer networks. In a demonstration last year, a team from Errata Security, also in Atlanta, used an iPhone sent to a company to spy on its IT infrastructure.

While it sat in the firm's mailroom the phone sent back information about the local wireless systems and computers. A criminal hacker could use the same technique to break into a company's internal computer network, Errata's researchers claim.