Author Topic: Phone Trojan 'has botnet features' (SYMBOS_YXES.B, ACSServer.exe, Sexy Space)  (Read 3042 times)


Samker



A piece of mobile malware has the capacity to enable a hacker to build a botnet of phones, according to security vendor Trend Micro.

The Symbian Trojan, which Trend Micro detects as SYMBOS_YXES.B, poses as a legitimate application called ACSServer.exe and calls itself 'Sexy Space'. It steals the user's subscriber, phone and network information, and connects to a website to send that information back to a hacker. It can also target the victim's contacts with spam SMS messages, and pull the content in those messages from the malicious website.

"In short, it appears to be a botnet for mobile phones," wrote Jonathan Leopando of the Trend Micro technical communications team in a blog post on Wednesday.

However, the malware itself is classified as low risk, with a low distribution potential, according to a Trend Micro analysis.

Leopando added that there may be a problem with digital signing by the Symbian Foundation. Digital signatures, which are cryptographic security features, are designed to provide a level of certainty that a message or piece of software actually comes from the organisation it appears to have come from.

However, Leopando wrote in the blog post that SYMBOS_YXES.B was similar to another piece of phone malware that Trend Micro detects as SYMBOS_YXES.A, and that both pieces of malware had been signed by the Symbian Foundation.

"The signing process — undertaken by the Symbian Foundation itself — is supposed to ferret out instances like this, but somehow this slipped through," wrote Leopando. "It may well be a coincidence, but it does not reinforce confidence in the signing system."

The Symbian Foundation had not responded to a request for comment at the time of writing.

(ZDnet)

Samker's Computer Forum - SCforum.info





fireballgonzales

Hello,

If it is indeed signed by the Symbian Foundation, then they'll have a serious prob on their hands with trust issues and what not.

Do you have sources of transmission of this bot, does a user have to manually download and install it, is it received by SMS or Bluetooth? In case it is downloaded, then it has to be hosted somewhere as well :)

Thanks

Fireball

F3RL

Do you have sources of transmission of this bot, does a user have to manually download and install it, is it received by SMS or Bluetooth? In case it is downloaded, then it has to be hosted somewhere as well :)

That was a good question and a point,

Maybe they are trying to make money out of it, selling antivirus software specially built for phones..
Just like how the first virus was made and intended for.. that was my guess,
please don't get me wrong :)

But are there any specific targets? As in, what kind of phone is it targeted at? iPhone?
Well? Understand ma bad English.

fireballgonzales

Well, we are posting good questions, but the topic seems to be vague for most people. I came across this post on http://www.symbian-guru.com with regard to viruses for the Symbian Foundation.

http://www.symbian-guru.com/welcome/2009/08/symbian-speaks-out-against-smobile-study.html

 
