Jimmy Shah
Jimmy Shah is a Mobile Security Researcher specializing in analysis of mobile/embedded threats on existing ...
The SymbOS/Beselo worm is in the wild in Asia. It is a piece of malware very similar to SymbOS/Commwarrior. The worm travels by both Bluetooth and MMS.
It sends itself out in an MMS to every contact in your phone book, plus a number of randomly generated mobile phone numbers. The MMS messages use no subject line and a handful of short texts in their body.
Where this malware gets interesting is in how it attempts to reuse an old technique to disguise itself so that it will be installed by an unsuspecting user. SymbOS/Beselo pretends to be a harmless media file under the names “beauty.jpg”, “love.rm” or “sex.mp3”.
On Windows, changing a file's extension will prevent an executable from running. Renaming bad_program.exe to bad_program.bmp will make the file open in MS Paint and not run the program. On Symbian, files are recognized by their file type, not by their extension. Renaming a SIS installation file to beauty.jpg will not open the file in the picture viewer but will instead begin the installation process. In the case of SymbOS/Beselo, a user will receive an MMS from someone they know and the attachment could be beauty.jpg. The message says “photo” and it comes from a friend, so the user is likely to open it to see the photo. When the request to install pops up, it’s very likely the user will click OK and be infected.
SymbOS/Beselo relies on users’ possible unfamiliarity with how applications are installed on Symbian phones. Viewing media files (jpg, rm, mp3, etc.) on Symbian does not usually require installing additional software and definitely doesn’t require one to install from an MMS message.
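
As an added example (not from the original post), this is a content-versus-extension check that a message gateway or scanner could apply to attachments like the ones described above. The SIS UID constants come from the publicly documented SIS file format rather than from this post, and the function names and sample bytes are constructed for illustration.

```python
import struct

# SIS installer signatures (from the documented SIS format, not from the post).
SIS_UID3_LEGACY = 0x10000419   # third UID of pre-Symbian 9 SIS files
SIS_UID1_V9 = 0x10201A7A       # first UID of Symbian 9.x SIS files

# Leading bytes expected for the media extensions Beselo imitates.
MEDIA_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".rm": (b".RMF",),
    ".mp3": (b"ID3", b"\xff\xfb", b"\xff\xfa", b"\xff\xf3", b"\xff\xf2"),
}

def is_sis(data: bytes) -> bool:
    """True if the buffer starts with a SIS installer header."""
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == SIS_UID1_V9:
        return True
    return len(data) >= 12 and struct.unpack_from("<I", data, 8)[0] == SIS_UID3_LEGACY

def classify_attachment(name: str, data: bytes) -> str:
    """Compare the claimed extension with what the content really is.

    Returns 'installer-disguised' (media name, SIS content), 'mismatch'
    (media name, unrecognised content), 'ok', 'installer' or 'unknown'.
    """
    ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext not in MEDIA_MAGIC:
        return "installer" if is_sis(data) else "unknown"
    if is_sis(data):
        return "installer-disguised"
    return "ok" if data.startswith(MEDIA_MAGIC[ext]) else "mismatch"

# Constructed sample buffers: a legacy SIS header (UID1 and UID4 are
# placeholder values) and the first bytes of a JFIF image.
SAMPLE_SIS = struct.pack("<4I", 0x12345678, 0x1000006D, SIS_UID3_LEGACY, 0)
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00"

if __name__ == "__main__":
    for fname, blob in [("beauty.jpg", SAMPLE_SIS), ("holiday.jpg", SAMPLE_JPEG)]:
        print(fname, "->", classify_attachment(fname, blob))
```

The check mirrors what the phone itself does: it decides by content, so a renamed installer is flagged no matter which media extension it carries.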