Phone Trojan 'has botnet features'
Summary
Topics
The Symbian Trojan, which Trend Micro detects as SYMBOS_YXES.B, poses as a legitimate application called ACSServer.exe and calls itself 'Sexy Space'. It steals the user's subscriber, phone and network information, and connects to a website to send that information back to a hacker. It can also target the victim's contacts with spam SMS messages, and pull the content in those messages from the malicious website.
"In short, it appears to be a botnet for mobile phones," wrote Jonathan Leopando of the Trend Micro technical communications team in a blog post on Wednesday.
However, the malware itself is classified as low risk, with a low distribution potential, according to a Trend Micro analysis.
Leopando added that there may be a problem with digital signing by the Symbian Foundation. Digital signatures, which are cryptographic security features, are designed to provide a level of certainty that a message or piece of software actually comes from the organisation it appears to have come from.
However, Leopando wrote in the blog post that SYMBOS_YXES.B was similar to another phone malware that Trend Micro detects as SYMBOS_YXES.A, and that both pieces of malware had been signed by Symbian Foundation.
"The signing process — undertaken by the Symbian Foundation itself — is supposed to ferret out instances like this, but somehow this slipped through," wrote Leopando. "It may well be a coincidence, but it does not reinforce confidence in the signing system."
The Symbian Foundation had not responded to a request for comment at the time of writing.
This article was originally posted on ZDNet UK.
Talkback Most Recent of 1 Talkback(s)
-
Expect to see more of this.
I would say as mobile phones become more like personal computers, I would expect to see more of this type of thing.
astefl@...21st Jul 2009
Talkback - Tell Us What You Think
The best of ZDNet, delivered
ZDNet Newsletters
Get the best of ZDNet delivered straight to your inbox
Facebook Activity
