F-Secure has identified three China-based companies as the creators of the "Sexy Space" Trojan, which was identified last week to have passed through the Symbian Foundation's digital signing process.
XiaMen Jinlonghuatian Technology, ShenZhen ChenGuangWuXian Technology and XinZhongLi TianJin cloaked the malware, also known as Yxe, and submitted it to the Foundation under its Express Signing program, the security vendor said Wednesday in a statement.
Developers are required to submit mobile applications to the Symbian Foundation for evaluation, before the applications are accepted and enabled for handsets running the Symbian operating system. The apps are first automatically scanned for viruses, after following random samples are submitted for human audit. Sexy Space had not been subjected to human scrutiny, Symbian's chief security technologist Craig Heath said last week.
F-Secure's senior security response manager, Chia Wing Fei, explained that the Trojan would have allowed attackers to simply send a link via text message to a malicious Web site, and prompt the mobile recipient to download the worm. Once the malware is installed, it sends similar text messages to all contacts listed on the phone.
"These messages are sent in your name and from your phone," said Chia. "It means you will pay for each SMS sent by the worm. A typical cost for a single text message might be 5 cents. If you have 500 contacts in your phone, an infection would cost you [$25]."
According to F-Secure, this is the first identified text message worm. The company added that while the problem is currently not widespread, to date, there has been a few confirmed reports in China and the Middle East.
All Symbian Series 60 third-edition phones by Nokia, LG and Samsung are potential targets of the malware, including popular models such as Nokia N95 and Nokia E71, said F-Secure. The Symbian platform is used in just under 50 percent of all smartphones.