Viruses raise flags for 3G

The Code Red and SirCam viruses have received more than their 15 minutes of fame in recent days. Although both have created a distraction for anti-virus vendors and Internet service providers, the threats they’ve posed to wireless devices and networks have been small.

Code Red, an “Internet worm,” targets computers running certain versions of Microsoft Windows; and although SirCam can infect wireless devices, it primarily uses the devices as routers.

But antivirus specialists say significant wireless virus threats likely are coming soon. To support this theory, they recall the evolution of viruses in the wired world.

Lessons from the Wired World

In the wired world, the threat of viruses grew as the capabilities of computer systems increased. The same will happen in the wireless world, said Bob Hansmann, Trend Micro (www.trendmicro.com) enterprise product manager. Trend Micro develops antivirus software and has been working with NTT DoCoMo for about a year to detect and prevent viruses on the Japan-based carrier’s servers.

Hansmann used the so-called 911 virus as an example. Las summer, the virus hit users of DoCoMo’s i-mode service. Some users received an infected e-mail and when they clicked on a link within the e-mail, their phones automatically dialed 110, the Japanese equivalent of 911 in North America.

DoCoMo’s advanced services made the virus attack possible, Hansmann said. However, he admits that most of today’s wireless devices and services are too limited to provide significant opportunities for virus writers.

“PDAs and PDA-enabled phones have definitely become popular, but the functionality is just starting to get there," he said. "People can organize addresses and do some basic things but e-mail, which is the application everybody is waiting for, is still rather limited in these devices. Although many of the devices will allow you to do e-mail, they will only keep, for example, the first 255 characters of your message and no attachments. "These kinds of limitations are hindering the utility of these devices for both evil and good," Hansmann said. "But as soon as the manufacturers of the devices and their software partners address those issues, viruses will become a bigger issue.”

Indeed, e-mail appears to have nourished the growth of viruses in the wired arena. The results of the International Computer Security Association’s (www.icsalabs.com)2000 survey, co-sponsored by Trend Micro and other anti-virus vendors, are compelling. The findings were based on 300 surveys of IT professionals responsible for monitoring and resolving virus problems on 200 or more computers within their corporations.

A comparison of the association’s 1996 and 2000 surveys revealed that in that 4-year period the virus cases involving e-mail increased from 9% to 87%. In 1996, 74% of the cases involved infection through a diskette. But in 2000, diskettes were involved in only 7% of the cases.

“Wireless will introduce a new vector for (the ICSA) study in future years,” Hansmann said. “It's not unreasonable to think that just as e-mail eclipsed the diskette, wireless devices may shift and impact this (ICSA) diagram further.”

Another truth is that it no longer takes a genius to write very dangerous viruses.

“The Anna Kournikova virus was produced by someone who admittedly knew nothing about programming,” Hansmann said. “But he knew where to go to get the pieces that, whether he understood them or not, he was able to piece them together and launch a new virus.”

Standardized languages have made it easier for non-programming virus writers to get code and use it in a destructive way. And in the quest for new and innovative services carriers and other wireless industry players are making things easier for would-be developers by forming forums and code libraries using standard markup languages such as Java and XML. Unfortunately, these forums and libraries can be used for evil as well as good.

Why Worry Now

Wireless industry vendors are beginning to address the potential threat of wireless devices. Companies such as Brightmail (www.brightmail.com) are touting the virus-fighting capabilities of e-mail firewalls, which monitor mail transfer agents (MTAs) or e-mail gateways for suspicious messages. When infected messages are detected, they’re cleaned and delivered to the user. If they can’t be cleaned, the message is stored and the user notified that a suspicious message was received.

Unfortunately, mail walls don’t prevent viruses such as 911. According to Hansmann, devices that run Java script aid the spread of malicious script such as that used to target DoCoMo’s subscribers. “A script was downloaded while (subscribers) browsed a Web site,” Hansmann said, “which caused the phone to do an automated action.”

Other vendors also are offering solutions. For instance, semiconductor manufacturer Texas Instruments (www.ti.com) recently announced that it would incorporate anti-virus solutions, as well as other security mechanisms, into its OMAP processing platform. Israel-based White Cell (www.white-cell.com), which develops mobile data security systems, will incorporate technology into OMAP that monitors and filters data traffic to prevent malicious content from seeping in.

Standard markup languages also have created more openings for virus writers by enabling various wireless devices to speak the same language.

“Six months ago, anybody writing a virus that they really wanted to go anywhere on devices had to write it to run on a specific device,” Hansmann said. “Today, these devices can run XML, Java or other standard languages that are non-platform-specific.”

The wireless environment slowly is becoming ripe for viruses to flourish. But why should carriers take preventative measure now, when wireless devices and services are too immature to support major outbreaks?

Building a security infrastructure to support anti-virus and other next-generation security measures could take a year, according to Hansmann.

“There is a lot of infrastructure work that they need to do and they need to investigate what that would entail today,” he said. “They also need to be making that plan parallel with the development plans of wireless devices over the next year.”

“It’s understandable that (carriers) have to be very selective about the services they’re going to offer to their customers,” he said. “They no longer have the funds to simply offer everything. But there's no bell or whistle they can offer that will bring a customer back if they’ve lost that customer because of a security breach.”