NEWS FROM THE LAB - Friday, March 18, 2005

Two new Symbian trojans in one day. Posted by Jarno @ 14:30 GMT


Today two new Symbian-based trojans were discovered. They are both now detected with F-Secure Mobile Anti-Virus.

Drever.A is a SIS file trojan that tries to disable two mobile antivirus products: Simworks Anti-Virus and Kaspersky Anti-Virus.

Locknut.B is a new variant of the Locknut trojan family, which disables phone so that it can be disinfected only with a special disinfection tool. However as F-Secure Mobile Anti-Virus detects it with generic detection, it is not a threat to our users.

Also we had an idea of trying Series 60 malware on other Symbian devices, and the results were rather surprising. Neither Cabir nor Commwarrior work on Series 80 (such as Nokia Communicator) or Series 90 (such as Nokia 7710) - but Skulls and Locknut do work!

We tried the Skulls.A trojan on a Series 80 device, and it does cause problems there. Main menu is not disabled, but the trojan does replace icons with pictures of a skull, and the application manager is disabled so disinfection is tricky (as you can't install any applications to do it).

Also we tried Locknut.A on a Series 90 device, and the device was severly impaired by it. After installing Locknut.A, the phone would no longer boot up.

However, Series 60 malware is not a significant threat on other Symbian series devices, as installing them takes even more steps, and the user gets an extra warning that the application will cause errors in the device.

But then again, people are curious. The threat exists while it is small.

Here's a picture of a Nokia 9500 Communicator (Symbian Series 80) after being hit by Skulls:

Nokia 9500 with Skulls