The Un-Virus
By Carlo Longino, Thu Aug 12 01:15:00 GMT 2004

The latest mobile malware is revealed not to be a trojan, but rather an anti-piracy "feature" included by the developer.

While previous mobile viruses have only been harmless proofs of concept, the Web was in a tizzy over what was thought to be the first widely spread malicious trojan. A pirated copy of the Series 60 game Mosquitos that was being shared on the Net was reported to contain a payload that sent unauthorized SMS messages to premium-rate numbers.

One problem, though: the pirates didn't put the virus in there. It was included by Ojom, the game's developer, and intended to SMS the company when an unlicensed version of the game was being used. The company evidently removed the "feature" after people complained, but an older version of the game was cracked and put up online.

Though mobile viruses pose little real threat at this point, security companies' hype machines have worked, putting the media on alert and worrying consumers. But like Cabir and other viruses, it's made pretty clear to the user that they're installing an unsigned application, and also that it's a cracked version. It's not uncommon for cracked PC applications to include malware, so it's almost unreasonable to expect things to be different with mobile software.

The "trojan" is easily removed by simply uninstalling the game. While some -- generally from anti-virus companies -- may say it highlights a growing problem, from the user perspective, not much has changed. Users must still ignore security warnings to install the game, and pirated software is clearly a user-beware area. A Pocket PC virus that emerged this week should be more of a concern, though it, too, is pretty harmless.

But what's Ojom's deal? While any software company wants to protect their product from pirates, getting an unlicensed copy to phone home is a different proposition on a mobile than on a Net-connected PC. Just because somebody capitalizes on the work of a nefarious cracker and puts the game on their handset, that doesn't give Ojom the right to inflict SMS charges on them. What is the company going to do with the SMS, anyhow? Reverse bill the number the cost of the game? That sounds legal, not to mention a good way to impress customers.

Given the current over-reactive environment, it's pretty dumb to include something like this in an application, no matter how big a problem pirated software is. The furor is pretty ironic, too, given that one of Ojom's other titles is called Attack of the Killer Virus.