You’ll always hear an argument, when talking about any non-Microsoft OS, that viruses/malware/spyware are something you don’t need to worry too much about. Mac and Linux users are generally free from attack. Sure, there are security holes, but for the most part they remain unexploited and are patched on a more leisurely basis.
But Microsoft however, while they may not have coined the term ‘Patch Tuesday’ or reference it very often, use the second Tuesday of each month to release tested and approved updates to the public, patching found or known issues with their suite of software products. With over 90% of the desktop market, they are always going to be under threat of attack more than others.
Now phones are becoming more powerful, the OS’ shaping up to be very much like a desktop OS. And with Android and iOS dominating the market it’s quite surprising that Windows Phone 8, with such a small market share, is getting what could be its first piece of malware.
Known as India’s "youngest ethical hacker", Shantanu Gawde says he will show the malware prototype at the MalCon Security Conference on November 23rd and 24th. His presentation will show "approaches and techniques for infecting... Windows Phone… how to steal contacts, upload pictures and steal private data of users, gain access to text messages etc.” However, as there is little known about the malware, there are questions around whether it relies on exploiting an OS vulnerability or just masquerades as a malicious mobile app.
Dave Forstrum, director at Trustworthy Computing, Microsoft has spoken out on the supposed malware:
Microsoft is aware of the upcoming presentation but further details have not been shared with us. As always, we will investigate any issues disclosed in the talk, and will take appropriate action to help protect our customers.
Gawde is only 16, and at the age of seven he became a Microsoft Certified Application Developer (MCAD) – the youngest person to do this. At MalCon in 2011, he demonstrated a malware application that used Kinect’s gesture recognition.
Source: Sophos