Phone Trojan 'has botnet features'

A piece of mobile malware has the capacity to enable a hacker to build a botnet of phones, according to security vendor Trend Micro.

The Symbian Trojan, which Trend Micro detects as SYMBOS_YXES.B, poses as a legitimate application called ACSServer.exe and calls itself 'Sexy Space'. It steals the user's subscriber, phone and network information, and connects to a website to send that information back to a hacker. It can also target the victim's contacts with spam SMS messages, and pull the content in those messages from the malicious website.

"In short, it appears to be a botnet for mobile phones," wrote Jonathan Leopando of the Trend Micro technical communications team in a blog post on Wednesday.

However, the malware itself is classified as low risk, with a low distribution potential, according to a Trend Micro analysis.

Leopando added that there may be a problem with digital signing by the Symbian Foundation. Digital signatures, which are cryptographic security features, are designed to provide a level of certainty that a message or piece of software actually comes from the organisation it appears to have come from.

However, Leopando wrote in the blog post that SYMBOS_YXES.B was similar to another phone malware that Trend Micro detects as SYMBOS_YXES.A, and that both pieces of malware had been signed by Symbian Foundation.

"The signing process — undertaken by the Symbian Foundation itself — is supposed to ferret out instances like this, but somehow this slipped through," wrote Leopando. "It may well be a coincidence, but it does not reinforce confidence in the signing system."

The Symbian Foundation had not responded to a request for comment at the time of writing.