LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Security page

Recent Features

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

LWN.net Weekly Edition for February 2, 2012

A tempest in a toybox

LWN.net Weekly Edition for January 26, 2012

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

The Mosquitos trojan

[Posted August 17, 2004 by corbet]

Many people interested in security issues fear the first big security breach which affects mobile wireless devices. A large, destructive cell phone worm would make for a bad day in many quarters. The "Mosquitos" trojan does not quite live up to those fears, but there are lessons to be learned from it anyway.

Mosquitos is a game for Symbian-based wireless handsets. According to early reports, a version of the game had been "cracked" and circulated through the usual channels. Users who picked it up and ran it found out, sooner or later, that it had a bad habit of sending text messages to expensive, premium phone numbers. That was almost certainly not the experience the users had in mind when they loaded the game.

While many outlets reported the existence of a Symbian trojan, rather fewer followed up with the truth of the matter became clear: the "trojan" functionality was an intentional feature added by the manufacturer of the game. It is, in essence, an attempt at a copy protection mechanism; if the game finds itself running outside of its intended geographical area, it sends a bunch of expensive messages in retaliation. This behavior is a feature, not a trojan.

Then again, that might depend on your definition of "trojan." It is an undocumented behavior hidden within a program; certainly nobody who bought this game intended to purchase a function which sends unwanted messages if it decides things are not right. Most users might be forgiven for feeling that they had, indeed, been trojaned after all.

It would be out of character for us to fail to point out that this sort of behavior is almost exclusively associated with closed-source, proprietary software. The author of a free software program is certainly capable of inserting trojan-like behavior; consider the mICQ incident from February, 2003. But it would be surprising indeed for any such code to last for long. Free software means that hostile code can be found and ripped out in a hurry. Now if we only had mobile phones built with free software...

(Log in to post comments)

The Mosquitos trojan

Posted Aug 19, 2004 4:24 UTC (Thu) by Ross (subscriber, #4065) [Link]

I'm sorry but it is a Trojan. Just because it is doing what the author
intended doesn't mean that the user understands the intent. Unless this
"feature" is explained clearly to people who load this program it is
tricking them into having their phone do something they would not
normally approve.

The Mosquitos trojan

Posted Aug 19, 2004 14:30 UTC (Thu) by RobSeace (subscriber, #4435) [Link]

Indeed... In fact, isn't the nasty behavior of ALL trojans, virii, and worms
clearly and obviously intentional on the part of the original authors? I
mean, isn't that rather the POINT: they're malware! So, it does indeed seem
very odd to say that the malicious behavior is an "intentional feature", and
therefore NOT a "trojan"... ALL trojan (and other malware) behavior is an
"intentional feature" of the malware! ;-)

"Now if we only had mobile phones built with free software..."

Posted Aug 19, 2004 4:34 UTC (Thu) by dank (guest, #1865) [Link]

One reason I've been working on http://kegel.com/crosstool
is to make it easier for potential cellphone vendors
and developers to use Linux, in hopes this will hasten the
day I can actually buy one :-)

(And I believe one or two of them are in fact using crosstool
to build their compilers, so my plan may be working...)

The Mosquitos trojan

Posted Aug 19, 2004 14:41 UTC (Thu) by gyles (guest, #1600) [Link]

"certainly nobody who bought this game intended to purchase a function which sends unwanted messages if it decides things are not right."

Given that those users obtained a "cracked" version through "the ususal channels" they did not _buy_ the game. I'd imagine that purchased copies of the game do not do this.

This is surely a risk with this method of obtaining software, rather than anything to do with with the availability of source code.

The Mosquitos trojan

Posted Aug 19, 2004 17:38 UTC (Thu) by kevinbsmith (guest, #4778) [Link]

But the trojan is present even in legimately purchased versions of the game. Folks who bought the game have to trust that the game will *never* make a mistake and think the game was stolen. I don't think I would buy a game knowing that a bug in the code might cause it to ring up expensive charges.

The Mosquitos trojan

Posted Aug 19, 2004 19:34 UTC (Thu) by mmarsh (subscriber, #17029) [Link]

It seems even more nefarious than that, if I read "outside of its intended geographical area" correctly. We're talking about mobile devices. Do you have a cell phone or a PDA? When you travel, do you bring it with you?

The Mosquitos trojan

Posted Aug 19, 2004 19:59 UTC (Thu) by NAR (subscriber, #1313) [Link]

Well, I've used my mobile at an other continent. And I played with a game on the mobile 800 kms from home...

Bye,NAR

The Mosquitos trojan

Posted Aug 20, 2004 4:29 UTC (Fri) by bgilbert (subscriber, #4738) [Link]

Symbian claims that the cracked version was based on a beta, and that the copy-protection in that version was "experimental" and removed before commercial release. On the other hand, The Register is quoting F-Secure as saying the copy-protection is not present in "current" versions, which may or may not mean that the vendor pulled the code out once the uproar started. The truth is unclear; obviously Symbian has sufficient reason to lie about this. But there appears to be a possibility that the game vendor never intended the trojan code to be publicly released.

The Mosquitos trojan

Posted Aug 20, 2004 22:45 UTC (Fri) by giraffedata (subscriber, #1954) [Link]

But it would be surprising indeed for any such code to last for long. Free software means that hostile code can be found and ripped out in a hurry.

I think that's only partly true. The hostile code can be found and in a hurry, a version without the hostile code can be made available. But does that mean the code will be ripped out of everyone's phones? Or it will stop getting installed in new phones? I doubt it.

In this case, like many, the majority of the damage is caused when people don't know they have a problematic program installed.

Also, I have my doubts that the unwanted behavior would typically be found by someone reading source code before by someone experiencing it executing.

Copyright © 2004, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds