NEWS FROM THE LAB - Friday, May 18, 2007

New For-Profit Symbian Trojans Posted by Jarno @ 12:46 GMT


Yesterday we received a couple interesting cases from our partner. Three new for-profit SMS trojans that affect Symbian S60 2nd Edition and older devices.

The Viver family of trojans claim to be utility programs for Symbian phones. They have been uploaded to at least one popular file sharing site in the hopes that people will download and install them.

After installation, the Viver trojans immediately start sending SMS messages to premium-rate numbers. The messages are sent with proper international area codes, so they are able to reach the correct destination even when activated outside Russia.

We've already seen for-profit malware in mobile devices: Wesber.A and Redbrowser are Java Midlet trojans that try to send messages to Russian premium-rate numbers. But these trojans require user acceptance per each message and are able to send messages correctly only inside Russia.

But as the Viver family is more advanced and is able to operate anywhere, we find this development worrisome. Prior to 2003 there was little for-profit malware on the PC platform, and now almost all malware is written for one or other profit motivation. It is very likely that more for-profit malware will also appear on mobile platforms.

All three Viver variants are detected with F-Secure Mobile Anti-Virus.

For more information on Viver see Viruslist.com's: Analyst's Diary.