Ask the Expert

Can smartphones get viruses and spread them to the network?

What's the likelihood that a BlackBerry, iPhone or other mobile device would contract a virus and, when connected via USB to one of our network clients, spread the virus to the network? Would standard endpoint security defenses typically detect malware spread to users' computers via mobile devices?

    Requires Free Membership to View

In short, "high" and "hopefully." USB malware distribution is highly effective; you only have to look at the recent Stuxnet worm and the Mariposa bot client. Panda Security S.L.'s recent International SMB Security Barometer shows that so far this year , 25% of new worms have been specifically designed to spread through USB storage devices when they connect to a computer. It's an obvious attack vector given that nowadays so many devices connect to computers using a USB port: thumb drives, digital cameras, keyboards, MP3 players, and of course, smartphones like BlackBerrys and iPhones. So can smartphones get viruses and spread them to the computers? Phones are often not seen as a type of storage device, but they are just as susceptible to acting as a carrier and transferring viruses from one computer to another as other USB devices.

For example, the Hamweq.A worm, which spreads via removable USB drives, used smartphones as a carrier, and memory cards supplied by Vodafone Spain for certain Android-based smartphone models were infected with the Mariposa bot client. The malware was not able to harm the Android smartphone itself, but attempted to contact a command-and-control server when the phone was connected to a Windows PC. Viruses can also spread in the reverse direction: When someone plugs a smartphone into a computer that has been infected, the virus can be transferred onto the smartphone, which can then act as the carrier to infect any other computer that the phone connects to.

One reason malware uses USB for distribution is that the malicious code can take advantage of the autorun feature in Windows. By modifying the autorun.inf file with specific commands, cybercrooks can enable malware stored on the USB drive to run automatically when the device connects to a computer, immediately infecting the computer almost transparently to the user. In 2009, the Conficker worm exploited a bug that prevented users from disabling AutoRun to automatically infect PCs when USB drives were plugged in. (Microsoft has since patched this and changed the AutoRun's behavior in Windows 7.)

Everyone needs to appreciate that their phone is a vector for malware distribution and exercise many of the same security precautions that they would with a laptop. Only download and install applications from reliable sources such as the Apple iTunes store, Google Android Market or Nokia OVI Store, and be wary of opening files, emails, SMS messages, and IMs if they're from an unknown source. You should disable Wi-Fi access by default and only connect to known Wi-Fi hotspots. Bluetooth should also be disabled until you want to share something; the Cabir Symbian virus attempts to spread via Bluetooth. Finally, think about installing a mobile-based antivirus software package: McAfee Inc.'s VirusScan Mobile for Android, for instance, is free to its existing desktop antivirus customers.

This was first published in February 2011

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: