- Step #1: Investigate Whitelist and Blacklist Software for Both SMS and E-Mail Messages for Your Mobile Users (or Develop Your Own)
- Step #2: Stay Up-to-Date On the Growing Problem of Wireless Spam with Virus Payloads, and Prepare Patches and Other Defenses
- Step #3: Find Better Ways to Filter the Messages that Get Routed to Mobile Devices
- Step #4: Make Sure that Your Carrier Knows You're Concerned About Mobile Spam
- Step #5: Institute an Enterprise Policy that Protects Against Wireless Spam
- Step #6: Get Serious About the Problem
Step #2: Stay Up-to-Date On the Growing Problem of Wireless Spam with Virus Payloads, and Prepare Patches and Other Defenses
Sure, mobile viruses are rare today, and those that have made the rounds haven't been particularly serious so far; right now, they target only a small subset of devices and do little or no damage. However, surely you have no doubt that more serious e-mail and SMS viruses are on the way, particularly for the dominant mobile operating systems.
- "Symbian and Windows Mobile are becoming attractive for virus-writers and spammers," says Todd Thiemann, director of device security marketing for antivirus and content security software/hardware firm Trend Micro. "This will be a significant issue, and we need to prepare for it."
To draw public attention to the issue, Trend Micro is offering free trials of its mobile spam-fighting Mobile Security Suite free of charge until June 2005. The Mobile Security Suite current runs over Windows Mobile 2003 and Symbian 7.0 with UIQ v.2.0/2.1.
Not only can e-mail messages carry viruses, but serious threats might emerge that can come through over SMS channels as well. WAP push, which can disguise itself as a harmless SMS message, can carry a virus. Although the message interface does ask the user whether he wants the message, if he agrees to accept it, he might unknowingly allow an intruder to force malicious code onto his mobile device.
In the wrong hands, in fact, the SMS text messages themselves can be a form of malicious code. "SMS data can include instructions to download MMS files, and then the MMS message can carry code which can automatically be executed on the device," notes Matt Ekram, product manager for mobile security with Symantec.