Viruses and malware in general are a threat to mobile devices, similarly to how they are a threat to desktop computers. They can affect both static data and communication of data, according to the way they work.
An example of a wireless virus is the Visual Basic Script-based Timofonica Trojan horse virus that hit a wireless network in Madrid, Spain. Like the "I Love You" email virus, Timofonica appends itself to messages you send and spreads through your mail client's contact list, creating SMS spamming and eventually even a denial-of-service condition.
A similar DoS attack occurred in Japan when a virus that sent a particular message to users on the network attacked the NTT DoCoMo "I mode" system. The 911 virus flooded Tokyo's emergency response phone system using an SMS message. The message, which hit over 100,000 mobile phones, invited recipients to visit a web page. Unfortunately, when the users attempted to visit the page, they activated a script that caused their phones to call 110 (Tokyo's equivalent of the 911 emergency number in the United States). The virus overloaded the emergency response service and may have indirectly resulted in deaths.
This article by Kaspersky Lab, dealing with mobile malware (history, statistics, etc.), is not very recent but is worth reading:
As a consequence, you must have some anti virus software. In the already cited document about “Mobile Device Management and Security” by Nokia, it is explained that Symantec anti virus software is used for business level mobile products. According to the device and the operating system you use, you can find free or not free anti virus software. Just to give another example among the many, if you install Linux on a notebook, you can use the free Clamav anti virus software:
Starting in the summer of 2003, all Dell handheld devices began shipping with an embedded version of McAfee Antivirus, then other companies scrambled to compete. There are currently several virus scanners for Windows CE.
The choice of the operating system, in itself, influences the exposure to malware, as some operating systems are significantly more exposed than other ones, whatever the reason can be.
The importance of using certain protection tools, like firewalls and anti virus software, cannot be generalized to every possible mobile device, as we can have a lot of different kinds of mobile devices and in some cases their importance could be overemphasized. You have to reason about the meaning of the protection you think of adopting and, after deciding to adopt it, to configure it appropriately if necessary.
Logical Security regularly publishes white papers on topics vital to the security industry. Visit our CISSP Education Resources section to obtain valuable information and perspective on security practices.
Part 4 of 5 extracted from an original article written by Shon Harris entitled:
Mobile Device Security
Read Part 1 - Mobile Devices – Definition And Security Issues
Read Part 2 - Mobile Devices - Security Implications and Countermeasures
Read Part 3 - Mobile Devices - Access Control, Wireless Network Risks and Security Implementations
Take advantage of special member promotions, everyday discounts, quick access to saved content, and more! Join Today.
Cisco Firepower Threat Defense (FTD): Configuration and Troubleshooting Best Practices for the Next-Generation Firewall (NGFW), Next-Generation Intrusion Prevention System (NGIPS), and Advanced Malware Protection (AMP)