SIM virus???

[Jeckgo]

greetings...

my friend send me this:

If you receive a phone call on your mobile from any person, saying that, he or she is a company engineer, or telling that they're checking your mobile line, and you have to press # 90 or #09 or any other number. End this call immediately without pressing any numbers. There is a fraud company using a device that once you press #90 or #09 they can access your "SIM" card and make calls at your expense. Forward this message to as many friends as you can, to stop it. All mobile users pay attention if you receive a phone call and your mobile phone displays (XALAN) on the screen don't answer the call, END THE CALL IMMEDIATELY, if you answer the call, your phone will be infected by a virus.. This virus will erase all IMEI and IMSI information from both your phone

is this possible...???

[dinowuff]

Spreading via email is a hoax about a cell phone scam. It warns of a technique that some callers do to make cloning of the target cellular phone possible. Variations of this message also warns of the modus operandi carried out to get mobile phone users shoulder overseas phone expenses.

Source: http://www.trendmicro.com/vinfo/hoax...ng+Hoax&Page=1

[Katja]

That hoax would have been funnier if a few hours after you've received that message, someone would actually call you to ask you to press #90...

Still, I think in the past there was a hoax that a virus was spreading around in some kind of image file. And it used to be a hoax until some day, Microsoft introduced some kind of flaw in their decryptions of JPeG files, which could lead to a buffer overflow or whatever causing some code in the image to be executed, thus infecting your computer with this virus. It's always a good thing to check if something is really a hoax and better, to check if something is still a hoax.

But for a phone, I'd be more afraid for a virus spreading around through bluetooth than by some operator getting remote access. Especially when you go to an area (soccer stadion, theatre) where many other people might have their mobile phone with them, you better disable the bluetooth functionality before entering since those places are the most likely places to have your phone infected!

[Noia]

1) jpegs arn't nativly encrypted, their encoded :P
2) If I'm not very much mistaken that had to do with IE's lovely feature of detecting what kind of file any given file is reguardless of its extention and then attempting to execute it accordingly, thus you could stick VBScript in a .jpg and any IE user opening it would execute the VBScript, this vuln still exists, or so I belive, I may be wrong.

[Katja]

Actually, the JPeG virus is (was?) nastier than that. Check out http://securityresponse.symantec.com...rojan.moo.html

It has to do with the new Microsoft GDI+ library, where an integer underflow is causing arbitrary code to be executed. It's a nasty one since you'll get infected when GDI+ starts decoding the JPG file.