Three Chinese companies have created the world’s first SMS worm, according to F-Secure.
The companies created the 'Sexy Space' worms or Yxe Worm, it said.
They allegedly submitted them to Symbian OS-based phones through the express signing procedure, said F-Secure Security Labs recently.
"The worm is the first text message worm in history," said Chia Wing Fei, security response senior manager at F-Secure. "Our labs have received few confirmed reports from China and Middle East at the moment."
The first stage of Symbian's signing process is done automatically using an antivirus engine, said Chia, adding that once an application has been submitted and scanned, random samples are then submitted for human audit.
However, most applications are not inspected by humans through the express signing procedure, he noted.
An attacker can therefore put a web link pointing to the worm's web site into a text message and invite the user to download the worm by clicking the link, Chia said. Once activated, the worm will install itself on the device, and send a similar text messages to all phonebook contacts listed, he added.
"These messages are sent in your name and from your phone. It means you will pay for each SMS sent by the worm. A typical cost for a single text message might be 5 cents. If you have 500 contacts in your phone, an infection would cost you 500 times 5 cents," Chia noted.
The Symbian Foundation has acknowledged that its process for keeping malicious applications off Symbian OS-based phones needs improvement, after a Trojan horse program passed a security test, F-Secure noted.