The Web    Google
Lasco.A Poses New Mobile Threat

Lasco.A Poses New Mobile Threat
January 12, 2005

Finnish antivirus firm F-Secure said it has detected a quick spreading and versatile new worm capable of infecting both Windows and cell phones using the Symbian operating system.

Lasco.A spreads itself by searching SIS installation files in infected devices, and attaches itself as an embedded SIS file, according to Mikko Hypponen, director of anti-virus research at F-Secure.

An SIS file in the device that gets copied to another phone will also contain a copy of Lasco.A, added Hypponen.

"The new Symbian malware combines two spreading tactics; it is common in PC malware but not with mobile systems," Hypponen said.

The worm attacks most often when users are attempting to trade programs, Hypponen said. Lasco.A will also try to infect phones that have Bluetooth connectivity that are within its range.

The latest worm to infect mobile phones is the handy work of a Brazilian virus writer who has released the source code on his Web site, more than likely making the proliferation of the mobile malware imminent, Hypponen said.

"It is going to continue to get worse," he said. "In the future, hobbyist or malware writers will have a blueprint to write their own viruses because the source codes are readily available."

In addition to spreading within infected SIS files, Lasco.A is capable of moving by itself, jumping from one device to another via Bluetooth, much like last month's Cabir virus.

Lasco.A replicates only over Bluetooth connections, arriving in a phones messaging inbox as velasco.sis, the name of the Brazilian virus writer, according to Hypponen.

When a user clicks on the velasco.sis message, the worm activates and starts looking for new devices to infect over Bluetooth.

Lasco.A can also replicate by inserting itself into other SIS files found in the device.

Hypponen said the virus can only spread on Bluetooth cell phones that are set in discoverable mode. He recommends operating the system in the hidden Bluetooth mode to avoid becoming infected.

  • 2/21: MyDoom-BC an Email Worm for Windows
  • 2/8: Wallz Worm Exploits LSAS Flaw
  • 11/9: Rbot-PG Worm also a Trojan
  • Windows Server 2003: Hardware-Based Security
  • 11/8: Trojan.Beagooz Collects Addresses
  • 12/13: Janx Worm Exploits Windows Flaw
  • 3/25: Backdoor.Nibu-J Runs Keylogger
  • 2/10: Mydoom-AS a Mass-Mailing Worm
  • Look Out For 3-Headed Plexus Worm
  • Microsoft Battles Debugger Flaw, SQL Worm
  • 7/21: Lovgate-V Worm Provides Remote Access
  • Security Camera Price