New "Sexy View" Malware Targets Mobile Devices

The eventual creation of botnet(s) based on mobile devices rather than PCs has been theorized about for years, but no such malware has ever appeared in the real world—at least, not until now. Security researchers believe they may have found the first true mobile worm, dubbed "Sexy View" or "Sexy Space" depending on which version of the program one encounters.

The infected payload displays many of the characteristics of PC botnet software and is now more sophisticated than other handheld attacks that have appeared to date. The "now," in this case, is important, as Sexy View first hit the radar six months ago or more. The program has evolved considerably since it debuted, and is now capable of downloading and updating its SMS templates without user input. Such capability is considered a core component of a modern botnet; its new functionality elevates Sexy View/Space into a more severe threat category.  

Sexy View exploits the same basic attack vector as PC-based malware. The program (identified as SymbOS.Exy.C by Symantec) spreads via a text message that invites viewers to download an apparently legitimate application. The badware's hook reportedly consists of the phrase "A very sexy girl, Try it now!," thus proving that human stupidity creates far more security problems than even the buggiest of operating systems. Once installed, the new application digs through one's personal details and contact list. The former data is forwarded on to a set of predetermined addresses, while the latter is used to bait a fresh series of hooks for users whose only thought processes occur below the belt.

The defining characteristic that elevates this little darling from "worm" to "malware," is that the malware is capable of phoning home and receiving new instructions from a command-and-control (C&C) server. Sexy View was written specifically to target Symbian OS, which is quite popular outside the United States. In another troubling twist, the Sexy View payload has earned signed application status, despite the fact that the signed application process is meant to prevent malicious software from garnering such authentication.

The nasty question at hand is how device manufacturers and mobile OS developers should guard against such attacks in the future, given the near-certainty that we'll only see more of them from this point forward. It would be nothing less than gobsmackingly surprising if the PC antivirus/antimalware industry didn't have some of its own ideas about that, but it's hard to see mobile users wanting to sacrifice the memory and performance (to say nothing of the battery life) necessary to keep an AV scanner resident and active on a smartphone.

In the meantime, don't open strange texts that link to programs claiming to offer sexy girls in broken Engrish.