Symbian malware creating mobile botnet

The Symbian Foundation has dismissed reports of a mobile botnet

Mobile security firm NetQin claims to have found malware spreading via Symbian Series 60 handsets which is being used to build a mobile botnet.

The company has identified three piece of malware masquerading as mobile games or special offers, which infect versions three and five of the Series 60 Symbian platform.

NetQin estimates that 100,000 handsets have been infected and could be used to form a mobile botnet similar to those seen in the PC world.

"Our team found that these botnets do one of two things: send messages to all the contacts of the address book directly; or send messages to random phone numbers by connecting to a server," said the company in a blog post.

"The viruses will delete the sent messages from the user's outbox and SMS log. All messages contain URLs linked to malicious sites that users won't be able to see until after they've fallen into the virus trap."

However, the Symbian Foundation told V3.co.uk that there is no evidence that the malware is using handsets in a botnet, and that it had already rescinded the software's certification.

"We respond to reported malware by revoking the Symbian Signed certificates used to sign it. As far as we can tell, the certificates used in this case were revoked some months ago," said a Symbian Foundation spokesman.

"Users who are concerned about malware should turn on revocation checking on their phones."

The spokesman also pointed out that NetQin had not contacted the Symbian Foundation about the malware, which he described as "very minor".