The University of Santa Barbara's software group released the source code for their proof of concept 'Feakk' worm that was developed by Paul Haas in March 2005. The worm uses SMS to send a hyperlink to its target. The targeted user then has to visit the hyperlink and download and acknowledge three sets of prompts in order for the worm to install, at which point it will immediately start to run in the background. It will scan the user's contact list and send a message to each contact (including the recipients' names) and will also scan for new contacts at certain intervals.
Upon installation, the worm checks for a contact with the first name "HACKME." If this isn't found the worm will exit. If it is found, then the worm sends itself to every mobile number it finds in the user's contact list. The author did not write a payload because this was for demonstration purposes only and it should be noted that it can be removed via the "Uninstall List."
Symantec have added detection for this threat, although we don't expect it to be prevalent in its current state (who has a contact named "HACKME" in their phonebook?). However, since the source code has been released we can expect other incarnations of this worm to emerge, as we've seen with Cabir and others in the past.
Message Edited by Ollie Whitehouse on 03-06-2008 08:58 AM