Doombot.A Delivers CommWarrior.B to Bluetooth Smartphones - 2,139 Views, 1 Comment
|
Previous Article « Online Consumers Don’t Like Pop-Ups, Flash Animation, Says Survey
Read Next Article » FTC Survey Tests Top E-Tailers’ Compliance with Can-spam’s Opt-Out Provisions
While consumers, and indeed the online security industry, have typically not paid much mind to warnings of nasties being sent to or through a Bluetooh device, experts are warning that this needs to change. Case in point: the newly discovered Doombot.A, which carries with it CommWarrior.B, which sends itself out using a Symbian smartphone’s Bluetooth transmitter. Of course, in addition to the fact that the Doombot.A virus and its stowaway CommWarrior.B worm are just plain rude, they can also cost their host money, as many people must pay for messages sent from their phones on a per-message basis. Explains Doug Conorich, Global Solutions Manager for Managed Security Services at IBM, “The biggest threat that I see right now is that is that Blackberries and PDAs are connected to names and addresses. If somebody devised a virus sent out with a ‘payload pull’ and an ‘address book out’ it could send out messages to all those listed in the address book. At 10 cents a message or more on some of the plans, you can see that that cost to smartphone end-users could add up rather quickly.” Experts point out that responsibility for the security of a mobile device lies in part with the software publisher. “The software vendors that produce mobile phone operating systems definitely have the responsibility of issuing patches to their products. But this is a totally separate issue from determining who is responsible for protecting smartphone users from a financial standpoint,” points out McAfee Mobile Solutions Senior Vice President Victor Kouznetsov. Beyond that, however, is what measures should IT departments take as the workforce is increasingly mobile-enabled? Kouznetsov says that IT departments need to demand that their carriers provide anti-virus and security measures for mobile devices, and recommends that an IT department “would be well advised to contact the operator they are using and standardizing on, and then demand that the operator include the technology and provide it on their handsets, or ask whether the operator will be including it in the future.” Experts also agree that it is incumbent upon IT departments to establish standard policies and procedures for allowing an employee to connect a mobile device to the enterprise network, or even that the enterprise should standardize and provide the mobile devices to ensure that they conform to standards set by the enterprise. Drew Carter, a Senior Product Manager, also with McAfee Mobile Solutions, points out that “Mobile devices are often purchased by individuals who also want to access enterprise resources. But does this really make sense? Today the technology is somewhat immature, but as it reaches a higher level of penetration, companies will need to adopt a more sophisticated approach. The other option is for enterprises to provide the mobile devices and set the standards, so if mobile workers want to connect to the network, then they need to buy these devices.”
Follow Anne on Twitter
Doombot.A Delivers CommWarrior.B to Bluetooth Smartphones
Twitter Explained in Plain English
Previous Article « Online Consumers Don’t Like Pop-Ups, Flash Animation, Says Survey
Read Next Article » FTC Survey Tests Top E-Tailers’ Compliance with Can-spam’s Opt-Out Provisions
Read more:
» The Car Whisperer: Eavesdrop On and Take Part In Nearby Bluetooth Conversations (a/k/a Bluejacking)
» Wibree - New Wireless Technology from Nokia. Because You Can Never Have Too Many Types of Wireless
For additional similar stories check out our archives on Bluetooth, Cell Phones, Handhelds & PDAs, Security, Virus & AntiVirus, Worms
NOTE: We never, ever, ever will recommend any product or service on this site that we have not regularly used ourselves and do not wholeheartedly believe in. That said, in some cases after being very pleased with a product or service, we may enter into a relationship with the provider of that product or service such that if someone purchases that product or service based on our recommendation, we may get a small payment. Such payments go towards the upkeep of the Internet Patrol.
I wonder if it might be a good idea to draw up some kind of Internet anti-spam protocol for e-mail transfer connections, make it optional if necessary. It would be best if it were like a service that an e-mail client could be set to link up to before attempting to connect to a mail server.
I mean, we’re sending the data over the Internet anyway, why not use the Internet to, say, filter known spam into its own bundle marked “spam”?
I admit there are some flaky parts of this solution, and a lot of work for everyone. Also, it would only be as good as the service’s filtering.
Maybe it would just be better to get some better people, like real algorithm people, to improve anti-spam software, and include it as part of an e-mail client’s e-mail processing. If that could happen, I think it would make sense to make it open-source.
Sincerely,
Steve
Comment by Steven — 8/3/2005 @ 4:41 pm