A newly detected mobile phone trojan is charging mobile phone users $5 to send a premium rate SMS message, security experts warned today at Infosec Europe 2006.

F-Secure explained that a proof-of-concept attack had been reengineered to make money illegally from mobile phone users.

"The trojan gets your phone to send an SMS to a premium rate number and then sends an authority that they can charge you without you knowing about it," said Richard Hales, country manager for UK and Ireland at F-Secure.

F-Secure warned that users are still leaving their mobile devices and laptops open to attack by using unsecured Bluetooth connections, despite the company's warnings at trade shows such as CeBIT. 

The security firm's honeytrap system at Infosec picked up 1,142 open Bluetooth products in the first three hours of the security show, and had 183 devices in range as it was demonstrated to vnunet.com.

Hales said that the new attack is similar to the CommWarrior mobile virus which originally spread itself over mobiles without causing anything more than a higher bill for sending itself to contact via MMS as well as Bluetooth.

User ignorance is still the main reason for the spread of CommWarrior type viruses, according to F-Secure.

"If someone's phone is infected with CommWarrior, all of these phones in range would be getting a message saying: 'Install CommWarrior, yes or no?'," said Hales.

"If you say no it immediately pops the message back up again if you're still within range. So you press no, no, no, oh for goodness sake, yes."