Never trust a report originating from a security vendor
The report originated from security vendor McAfee, who will by trade make a small issue appear massive and will try and create a hype. Sure, US-Cert had no choice but to follow up with an alert. The truth is though this is a small outbreak, if there is any infection activity at all. If a trojan report originally comes from a non-security vendor then a report has more weight. As soon as I noticed the report of this mobile trojan last night I took the report with caution and didn't post it to my mailing list.In truth this is a non-event, just hyped up by McAfee for business interests. The security vendor inustry are desperate for the whole mobile hacking thing to explode right now, they have their products to protect against it already built up and waiting for use, accept no one is buying them, because there is no attack vector to cause alarm yet amoung normal folks. However, the security vendor industry should be careful with this, because if you cry wolf too many times, your going to weaken your credibility when the real mobile threats are rolled out by hackers. Sure, its good to release these reports on a globally known press release day Tuesday's and Thursday's, but you're doing yourself as a vendor more damage than its worth. I suggest the written media take a backseat approach to folks like McAfee making these announcement's and what the motivation might be, to inform the masses of a real threat or one that's going to keep a vendor's company name in circulation and associated with mobile protection products, to trick the general public into thinking third party application's are necessary for your mobile phone's existence at such a premature time in mobile phone research time frame of february 2008. In 2008, there is still no real mobile security threat and there is certainly no need for any third party security vendor products from McAfee or any other vendor.