Malicious-code attacks are being aimed at mobile devices, security researchers say. The malware, which comes hidden inside legitimate applications, can compromise information on the device and even target the user for extortion.
One recent attack was a Trojan called WinCE/InfoJack that was aimed at Windows Mobile PocketPCs. Dave Marcus, security research and communications manager of McAfee Avert Labs, told us that WinCE/InfoJack was bundled with legitimate installation files such as Google Maps, games and stock-trading applications, and then distributed across a variety of Web sites. "That's a technique we've seen utilized in the PC malware for quite some time," Marcus said, but it is still new in attacks on mobile platforms.
The Trojan sends out information about the device (such as its serial number and operating system) to the owner of a now-offline Web site in China. It's a particularly dangerous attack because it shuts off other forms of security. Devices require authorization to allow programs to be installed, Marcus said. "This malware shut down that functionality, which could then allow the malware to update itself or allow other people to put malware on the phone."
Modular Malware
Another malware attack noted by McAfee researchers is aimed at Symbian Series 60 phones, available from manufacturers including Nokia, Panasonic, and Samsung. Also based in China, the SymbOS/Kiazha attack was designed to extort money from an infected user by disabling the phone until a payment of roughly $7 is made via QQ, a popular instant-messaging network in China that features "coins" that function as an in-network currency.
The SymbOS/Kiazha malware is included in a "toolkit" of malicious software known as MultDropper. Modular suites of attack tools are common for malicious code aimed against PCs, and Marcus said that it's the trend in mobile attacks now as well. "It doesn't surprise us as security researchers that the success of PC malware is replicated on the mobile platform. There are different considerations on mobile platform, but I think you're going to see people model their attacks on the mobile platform after the success of the PC platform," he said.
Professionally Written
The MultDropper that included the Symbian attack tool was written by someone who tested it extensively before unleashing it. Marcus noted that some of its components seemed at first to run in opposition. For example, infected phones would send a text message to open a new QQ account into which the extortion money could be paid, while another function would delete sent and received text messages.
Marcus said that whoever created the attack made sure the different components were working in harmony to make the extortion happen without leaving a trail. "When you looked at how the stages worked in conjunction with each other, he was using it to cover his tracks," Marcus said.
These attacks are indicative of a trend of attacks distributed to local niche markets, Marcus said. "While this attack was targeted only to Chinese speakers, it speaks to the fact that if you're a world traveler, you have to educate yourself about the local threats and nuances to technology, because with these kinds of trends developing, you're going to be exposed to things in China that you wouldn't be exposed to in Japan, Brazil or the United States," he told us.