Feeds

China faces million-strong zombie phone horde

Leading the world in mobile malware

Providing a secure and efficient Helpdesk

More than a million mobile phones in China have been infected with the AVK.Dumx.A Trojan.

According to local reports in the Shanghai Daily, the infection is costing users more than two million yuan (just shy of £200,000) in text messaging as it attempts to spread.

The disguise the Trojan wears is unclear, though it does appear to be Symbian-based. All reports agree that in addition to spreading itself the infection logs with a central server in readiness to receive additional instructions.

The Shanghai Daily's report explains that the infection comes embedded in an anti-virus package, but the official notification from the Chinese "National Computer Network Emergency Response Technical Team Center" draws attention to a media player called DuMusicPLayer which it reckons is carrying the Trojan.

The infection does check for, and disable, anti-virus software running on the handset in the same way as the more-advanced desktop viruses. It then sends SMS messages to everyone in the handset address book, containing links to the package, and reports the handset phone number, model and other available details to a remote server.

That server is under investigation by the local authorities, but it's very possible that the miscreants already have a decent list of infected numbers to which they can send commands over the SMS network whenever they want. Those commands could, for example, make the phone call a premium number or premium text service, offering financial reward to the developers.

The only good news is that the infection is so virulent that users rapidly become aware that their phone is infected by all the text messages it suddenly starts sending - a more relaxed version of the same thing would be much harder to detect even if it took proportionally longer to spread.

The best defence against this kind of thing is, of course, a locked-down device with a gatekeeper. Users, in China and elsewhere, always click "continue" in the face of security warnings such as those presented when this infection is received.

As our mobile phones become as prone to infection as our desktop computers, we'll have to decide what price we're prepared to pay for our security before we see a million-strong zombie army in the west. ®

Security for virtualized datacentres

More from The Register

next story
TEEN RAMPAGE: Kids in iPhone 6 'Will it bend' YouTube 'prank'
iPhones bent in Norwich? As if the place wasn't weird enough
Consumers agree to give up first-born child for free Wi-Fi – survey
This Herod network's ace – but crap reception in bullrushes
Crouching tiger, FAST ASLEEP dragon: Smugglers can't shift iPhone 6s
China's grey market reports 'sluggish' sales of Apple mobe
Sea-Me-We 5 construction starts
New sub cable to go live 2016
New EU digi-commish struggles with concepts of net neutrality
Oettinger all about the infrastructure – but not big on substance
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
EE coughs to BROKEN data usage metrics BLUNDER that short-changes customers
Carrier apologises for 'inflated' measurements cockup
Comcast: Help, help, FCC. Netflix and pals are EXTORTIONISTS
The others guys are being mean so therefore ... monopoly all good, yeah?
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.