Computer Crime Research Center


Russian hackers attack via MMS

Date: March 11, 2005
Source: Computer Crime Research Center
By: CCRC staff

The world’s first MMS-spread mobile phone virus called Commwarrior, which also attempts to replicate through Bluetooth wireless technology, has been detected in the wild, F-Secure company warns.

The threat of mobile phone viruses increased yesterday with the revelation of a mobile phone virus called Commwarrior, which has the potential to spread globally through MMS (Multimedia Messaging Service). In addition, the virus can replicate locally through Bluetooth wireless technology – the means by which mobile viruses like Cabir and its variants have thus far been spreading. In this manner, it speeds up the draining of the phone’s battery.

The first indication of Commwarrior was made already in January in a Serbian discussion forum warning of a virus spreading among Symbian Series 60 platform phones by randomly sending MMS messages automatically to an infected phone’s contacts list. MMS text messages can include an image, audio or video elements. Commwarrior sends MMS messages from one phone to another or to the phone owner’s email contacts.

Viruses that distribute through wireless networks also have appeared earlier. For instance, Cabir worm is able to delve into a smartphone or communicator through Bluetooth. However, Cabir (and other similar viruses) operates in the area of its "movement" which is limited by the local wireless network range, it is about 10 meters.

That's why MMS virus represents the other threat. By sending MMS doing, the virus has the potential to spread globally. So far, however, it has failed to do so and is replicating slowly – an anomaly being carefully investigated by the F-Secure Anti Virus Research Team. First indications suggest that the virus is Russian in origin, and CCRC experts agree with that, as it contains text that says "OTMOP03KAM HET!" which roughly translates as "No to braindeads".

F-Secure Mobile AntiVirus can already detect Commwarrior – an update which was made within two hours of its detection. In the event that a user’s Symbian Series 60 phone is not running the F-Secure client, it is advisable not to install unknown applications arriving in MMS messages and keep Bluetooth in undiscoverable mode.

The full list of vulnerable mobile phones can be viewed here :

Add comment  Email to a Friend

Discussion is closed - view comments archieve
2007-10-27 11:41:06 - nokian70infected bay commwarrior,plaise... amalik
2007-03-08 00:12:25 - nokia n70 infected on 8th March 07 by... John
2007-02-20 23:39:45 - pmkfqih vtisgoxka exryzqi uniymcows bkvs... kdnoayrb lcahzwd
2007-02-20 23:39:32 - tyuhalcb xrlw ubymt tvkzlum fjkwilc... lkdqn fhyq
2007-02-20 23:37:40 - jvybqck nfjbzdtc yeib mcsgyzf teodw jfkc uxno pbnuyoa ohwrxzlkv
2006-12-26 19:39:23 - my phone have viruses infected by... mes_angkasa
2006-12-13 00:46:22 - I have Noikia 6670 and Infected by... Suresh Balasubramanian
2006-11-21 20:21:47 - please send me antivarious because i have... soekmawati
2006-09-04 07:33:27 - Plz tel me the working of Commwarrior... Sachin R. Doke
2006-08-17 11:57:46 - for now my suggestion is all mobile or... ekis
Total 26 comments
Copyright © 2001-2013 Computer Crime Research Center
CCRC logo