Chapter 5 · Taxonomy of Mobile Malware

E-mail

In classic malware, e-mail has long been used as an infection vector by worms. Typically, they all work the same way: search for addresses and an SMTP server, and create e-mails with the malware attached to the message. Once the message is sent, the recipient is tricked through social engineering into running the attachment, and thus infection is achieved.

In the world of mobile devices, e-mail is the second biggest task performed, with text messaging in first place. Currently, not much MM has been seen using e-mail for infection, but one notable sample has arisen, setting the stage for future MM.

In 2006, an e-mail worm named MSIL.Letum.A@mm arrived on the scene. This mass-mailing worm was written on the Microsoft .NET platform and was built in the MSIL specification. Letum spread by e-mailing itself, as an attachment, through any SMTP server found on the victim's machine to addresses found on a fixed computer. It infected all the known versions of Microsoft Windows, but what was later discovered was that Letum was actually built in the .NET CF platform, which is specifically created to run on Windows Mobile. The result was a mass-mailing e-mail worm that infected any Windows platform having .NET or .NET CF installed. The worm also spread via newsgroups through NNTP. A typical e-mail, with the worm in the attached file test.exe, is shown in Figure 5.5.

Figure 5.5 A Letum E-mail with test.exe as a Copy of the Worm

From: Symantec Security Response [pete{BLOCKED}]
Subject: (any of the following) Virus Alert! Re: Warning Customer Support Re:Warning Security Response Virus Alert Letum Virus Report Warning!
Message Body:
Dear User,
Due to the high increase of the Letum worm, we have upgraded it to Category B. Please use our attached removal tool to scan and disinfect your computer from the malware. If you have any comments or questions about this, then please contact us.
Regards
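The lure in Figure 5.5 combines three things a mail gateway can check for: a display name that claims to be a security vendor, an executable attachment, and a body that urges the reader to run it as a "removal tool". The following Python sketch of that check is an added example, not code from the book; the extension list, vendor-name fragments, the `vendor.example` and `sender.example` domains, and the sample message are all constructed assumptions.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed, non-exhaustive list of directly executable Windows extensions.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")
# Assumed display-name fragments that claim to be a security vendor.
VENDOR_NAMES = ("security response", "symantec")
# Placeholder: domains this organisation accepts for those names.
TRUSTED_VENDOR_DOMAINS = ("vendor.example",)


def lure_indicators(raw_message):
    """Return the reasons a raw RFC 5322 message resembles the Figure 5.5 lure."""
    msg = message_from_string(raw_message, policy=policy.default)
    reasons = []

    # 1. Sender claims a vendor identity but is not on a trusted domain.
    display, address = parseaddr(str(msg.get("From", "")))
    domain = address.rpartition("@")[2].lower()
    claims_vendor = any(v in display.lower() for v in VENDOR_NAMES)
    if claims_vendor and domain not in TRUSTED_VENDOR_DOMAINS:
        reasons.append("vendor display name from untrusted domain")

    # 2. Attachment that runs when opened, such as test.exe.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        if name.endswith(EXECUTABLE_EXTS):
            reasons.append("executable attachment: " + name)

    # 3. Body pushes the reader to run the attachment as a "removal tool".
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    if "attached" in text and "removal tool" in text:
        reasons.append("body urges use of an attached removal tool")
    return reasons


def build_sample(sender="Symantec Security Response <pete@sender.example>",
                 filename="test.exe",
                 body="Dear User,\nPlease use our attached removal tool to scan "
                      "and disinfect your computer from the malware.\n"):
    """Build a constructed test message; the attachment bytes are inert filler."""
    m = EmailMessage()
    m["From"] = sender
    m["Subject"] = "Virus Alert!"
    m.set_content(body)
    m.add_attachment(b"constructed-placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()
```

A message that trips all three indicators is a strong quarantine candidate; any single indicator alone is better treated as a scoring signal than as a verdict.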