Skulls Trojan carries worm into handsets

Virus writers have unleashed a second version of the "Skulls" Trojan horse and packaged it with a mobile phone virus, a security company has warned.

The hybrid Skulls.B Trojan horse displays images of skulls instead of the program icons on handsets running the Symbian operating system, software maker F-Secure said in an advisory on Monday. It also releases the Cabir.B worm, the company said.

Cabir, which asks its victims if they would like to be infected, was thought to be a proof-of-concept virus when it was released earlier this year. The virus spreads by sending itself to other handsets within Bluetooth broadcasting range.

Phones infected with the Skulls.B hybrid can infect nearby handsets with Cabir. The Trojan horse, though, can only be downloaded and does not spread using Cabir as a vehicle. Skulls was originally distributed on Symbian shareware websites as "Extended Theme Manager".

When infected with Cabir, a phone displays the word "Caribe" on a screen as the worm modifies the Symbian operating system and looks for other mobile phones to target.

F-Secure said that mobile phones from manufacturers such as Nokia, Siemens, Panasonic and Sendo were vulnerable. It has posted advice on disinfecting mobile phones on its website.

But Symbian has said in the past that the Trojan horse only affects mobile phones running Nokia's Series 60 software. The software developer could not be immediately reached for comment.

Mikko Hypponen, director of antivirus research at F-Secure, said that Skulls represents only a mild threat to mobile device users at this point, based on its Trojan horse design. But he said the program is indicative of a growing effort among virus writers to target wireless handsets.

"Obviously what we're seeing here are the early days of a new platform, with the bad guys trying to find different ways to attack [mobile phones] and test out different technologies," Hypponen said. "Skulls' existence shows that there is increasing activity in the underground looking at phones and genuine interest in how to write Trojans, backdoors and viruses for these devices."

In addition to creating something of a template for future mobile device viruses, Hypponen said that Skull's existence highlights the fact that phones may be more vulnerable to attacks than other devices, based on their direct ties to systems that deal with purchases and other transactions.

"The biggest difference from PC viruses to phone applications are the direct links to money," he said. "If you can infect a phone you can immediately begin making calls or sending text messages to toll numbers in order to steal from someone. The theft will happen a lot faster than it did with PCs."

Dan Ilett writes for ZDNet UK. Matt Hines writes for CNET News.com.