Basic profile
With the popularity of smart phones and the growth of mobile network bandwidth, the interaction between terminals and operators, terminals and terminals began to increase gradually; According to the data provided by the global anti-virus agency, by 2009, there were more than 300 kinds of viruses infecting terminals, and the growth trend was even more rapid. Considering that mobile phones are closer to users' lives than computers, and the information stored is more important, it is necessary to guard against mobile phone viruses.
key property
Definition: A program (software) that meets one or more characteristics in the following table can be defined as a mobile phone virus:
Features: The equipment is damaged, resulting in the abnormal use of the mobile phone, some functions fail, crash, automatic shutdown, frequent automatic restart, and the information in the mobile phone (address book, photos, ringing, etc.) is destroyed. ), sending paid short messages, secretly deducting fees, and destroying communication networks (forcing mobile phones to continuously send spam to their communication networks, leading to information congestion and eventually leading to paralysis of local mobile phone communication networks). Behavior: Connect to the network automatically. Mode of transmission: SMS, etc. ).
Related history
In 2000, the first program aimed at the vulnerability of Timofonica SMS system appeared in the world, which was the first mobile phone virus. With the popularity of smart phones, Cabir virus against Nokia S60 series appeared in 2004, and various viruses followed. By 2009, hundreds of mobile phone viruses had been discovered. Mobile phone viruses are similar to PC viruses, mainly destructive virus Trojans and spies, monitoring and monitoring viruses. Viruses seize the security vulnerabilities of mobile phones to attack, or pretend to deceive mobile phone users to execute corresponding virus programs, and use the network of mobile phones to spread quickly.
Virus introduction
For destructive virus Trojans, mobile phone software can be divided into destroying system performance according to destructive programs. For example, Cabir virus, known as the originator of mobile phone virus, is spread through Bluetooth. It searches for Bluetooth devices within the Bluetooth transmission range (10 meter). If the mobile phone within the attack range is found to have Bluetooth enabled, a connection request will be sent to it. At this time, the attacked mobile phone will get a connection to remind the mobile phone to kill virus. If the user refuses the mobile phone software, the virus will always apply for connection until the user leaves the range of Bluetooth connection. If the user allows the connection, the SIS file containing the virus will be copied to the inbox. At this time, if the user installs the file, the mobile phone software system will display an unauthenticated warning message. If the next installation is carried out, the mobile phone will be installed on the user's mobile phone, and at the same time, the virus will be started to continue Bluetooth search, and the mobile phone software will look for the mobile phone to attack.
The other is mainly a virus that destroys the system application system and the system application association or application program. For example, Skulls ("Skeleton Virus"): Anti-virus for mobile phones. This virus is disguised as mobile phone theme software to induce users to install it. When users install this virus, they will find that the icons of most applications on the mobile phone are replaced by skull icons. When users click on this icon, they will find that the icon is no longer associated with their original corresponding programs, so they cannot start these programs. Mobile phones only have the functions of making calls and answering. And the mobile phone virus is getting more and more serious. Some viruses in mobile phone antivirus have begun to compete with antivirus software. For example, there is a virus called Drever, and the mobile phone software is a malicious SIS file Trojan. Mobile phone antivirus mainly stops the operation of antivirus software by attacking some antivirus programs to start loading files, and its more powerful variants will also try to attack antivirus software by overwriting files. Generally speaking, Drever is spread through the upgrade installation package Simworks _ update.sis disguised as antivirus software SimWorks. If the user accidentally installs this SIS file, it may be poisoned at any time.
China domestic users' understanding of mobile phone virus should start with Commwarrior virus. The virus first appeared in Russia, and it is a worm of S60 series mobile phones. It is spread by Bluetooth and MMS. The files that send SIS are randomly named, so users can't prevent them. Mobile phone software not only spreads through Bluetooth, but also reads the user's local mobile phone number address book and sends multimedia messages containing virus SIS files. A clock mechanism is also set to transmit Bluetooth from 08:00 to 23:59. MMS will be played from 00: 00 to 06: 59 pm. It is its MMS communication function that enables it to spread on a large scale in a short time, which consumes the expenses of mobile phone users on a large scale and causes economic losses to mobile phone software users. Therefore, when the user's mobile payment changes greatly, it is necessary to pay attention to the detailed list of expenses to prevent poisoning.
correlation method
Mobile phone antivirus technology obviously lags behind computer virus technology. However, ensuring the security of mobile phones is far more important than ensuring the security of computers. Because of the limitation of hardware configuration and operating system design, mobile phone is not suitable for running medium and large software designed for computers, especially in the case that the full version of antivirus software can't do it. It is unrealistic to expect that the mobile version of these computer antivirus software can protect the user's mobile phone security. The fat body drive of computer antivirus software, the time-consuming and laborious inefficient performance, and the annoying query mechanism that users don't know how to deal with are so different when used on mobile phones. Therefore, it is obvious that mobile phone antivirus can not simply apply the computer antivirus model and apply the idea of computer antivirus to the design of mobile phone antivirus software, but needs a brand-new antivirus concept to ensure the safety of mobile phone users.