Virus

SymbOS/Mquito.A!tr

Analysis


Specifics
This proof-of-concept dialer Trojan is coded for Nokia series 60 phones and uses SMS to dial pay-per-text numbers. This Trojan will only exist on Symbian-based phones if the user downloads and installs the Trojanized version of the game "Mosquito" (aka Mosquito v2.0).

It is coded for Symbian OS and ARM processors - the Trojan exists as the file "Mosquitos.app", and when installed it is in this location -

!:\system\apps\Mosquitos\Mosquitos.app

The Trojanized version may exist on P2P file sharing environments or other web sites within an installation file "Mosquitos.sis", with a file size of 140,597 bytes. Extracted, the Mosquito application is 267,852 bytes.

"Mosquito" is a game which enables the player to clobber the same named insect incorporating use of the camera built into the applicable phone. The game runs on Symbian-based phones. During game-play, the Trojan may send SMS messages to any of these pay-per-text numbers -

4636
9222
33333
87140


Miscellaneous
This Trojan contains comments which are not displayed on the phone but exist in the code body -

This version has been
cracked by
SODDOM BIN LOADER
No rights reserved.

Pirate copies are illegal
and offenders will have
lotz of phun!!!


Recommended Action

  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option
  • Do not accept unsolicited applications which may be received by Infrared or other means