Thursday, February 23, 2012

The 'Pocket Botnet'


Within cybersecurity circles, talk of smartphone or mobile malware reliably produces a heated debate. Adding gasoline to this fire are the first examples of the “pocket botnet,” a botnet made up solely or partly of smartphones, which could infect PCs.

Observers clash on the validity of the idea of pocket botnets, as demonstrated by these articles:

  • Paul Oliveria, who works in technical communications at the security vendor Trend Micro, says his firm’s researchers have seen a “whopping 1,410 percent increase” in Android malware since January 2011.
  • Chris DiBona, open-source programs manager at Google, claims smartphones based on open-source software aren’t less secure than those based on other forms of software. “Virus companies are playing on your fears to try to sell you bs protection software for Android, RIM, and IOS. They are charlatans and scammers.”

So what is the current state of play? Is it possible for both articles to be true?

Your Android- or Symbian-based phone can be targeted via an app, Bluetooth, WiFi, or SMS and subjected to a data stealer, click fraudster, malicious downloader, spying tools, and, very possibly now, a pocket botnet.

As a backgrounder, here are some more stats:

  • Current versions of mobile malware variants number about 1,700, according to the security vendor NetQin.
  • In recent research from analysts at DeepEndResearch.org, the number of specific malware samples collected was 113.
  • The worldwide cellphone market shows no sign of slowing. According to Gartner, worldwide sales of smartphones totalled 440.5 million at the end of September 2011. By 2013, Gartner expects smartphones to outnumber PCs. And since cybercriminals will always follow the money, it isn’t difficult to predict which devices they will increasingly prefer to target.

So far this year, there has been the discovery of a smartphone version of the Zeus Trojan spyware, Zitmo, which redirects mobile transaction authentication numbers (mTANs), the SMS messages used by some banks during the online banking process, to a remote Web server. Once Zitmo invades a victim’s PC, the next time the victim visits a bank Website, the virus activates a message asking the user to download a “security” component to their smartphone. The fraudster then gains complete control of the victim’s banking process by creating a fraudulent money transfer and then getting the victim to verify it on the smartphone.

Recently, a version of SpyEye that targets mTANs in a similar way to Zitmo was found in the wild. By autumn of this year, reports of several types of Android Trojans were coming in thick and fast, including SPITMO, followed closely by OpFake.

The Android.SmsSend family of malware, which uses similar techniques to fake anti-virus packages, increased in number from just six at the beginning of 2011 to 60 currently. One of these programs, Android/Anserver/Altr, has several advanced capabilities, with the remote server communicating with the infected device in XML format.

It does not take a crystal ball to consider the future when we see the recent experience of Chinese Symbian smartphone users. China has the largest smartphone market in the world, but that status has come with a price. Early this summer, a set of viruses known as FC.ThemeInstaller and AVK.DuMusic.A, among others, infected more than 1 million phones in just one week. China’s largest operator, China Mobile, was forced to block servers, but this particular pocket botnet still spreads.

So 2011 heralded a new breed of smartphone malware and the pocket botnet. It can conceal itself, self-destruct at task completion, attack security software, and download and install new malware from a malicious server -- to name just a few of its more salient abilities. Also, it automatically infects and makes zombies of any Symbian smartphone on a user’s contact list.

So just like a USB memory stick, your pocket botnet-infected smartphone provides another attack vector for your PC.

www.internetevolution.com
