SYMBOS_YXES.B
Technical Details

File type: SIS

Memory resident: No

Size of malware: Varies

Initial samples received on: Jul 12, 2009


Payload 1: Displays graphics


Payload 2: Terminates processes



Details:

This Symbian malware may be downloaded unknowingly by a user when visiting malicious Web sites.

It is a Symbian Information Source (SIS) file that collects the following information from the affected mobile device:

  • Phone identification
  • Subscriber identification
  • Network information

Upon execution, it displays an image that prompts the user to install the malicious software.

It then drops the following components:

  • C:\sys\bin\Installer_0x20026CA6.exe - installer component
  • C:\sys\bin\AcsServer.exe - detected as SYMBOS_YXES.B
  • C:\private\101f875a\import\[20026CA5].rsc - allows startup of AcsServer.exe upon turning on the device.
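
As an added example (not part of the original write-up and not Trend Micro's code), the following Python script checks a file listing taken from a device or backup against the dropped components above, and also reports every startup registration found in the same import directory so it can be reviewed. The one-path-per-line listing format, the function names and the sample data are assumptions constructed for illustration.

```python
import re

# Dropped components listed in the write-up, lowercased for matching.
DROPPED = {
    r"c:\sys\bin\installer_0x20026ca6.exe": "installer component",
    r"c:\sys\bin\acsserver.exe": "detected as SYMBOS_YXES.B",
    r"c:\private\101f875a\import\[20026ca5].rsc": "startup entry for AcsServer.exe",
}
# Startup-list resources in this directory are named [<8 hex digit UID>].rsc.
STARTUP_RSC = re.compile(r"^[a-z]:\\private\\101f875a\\import\\\[([0-9a-f]{8})\]\.rsc$")


def normalize(path):
    """Symbian paths are case-insensitive; export tools may emit '/' separators."""
    return path.strip().replace("/", "\\").lower()


def triage(listing):
    """Return matched indicators, all startup UIDs seen, and a verdict."""
    hits, startup_uids = {}, []
    for raw in listing.splitlines():
        path = normalize(raw)
        if path in DROPPED:
            hits[path] = DROPPED[path]
        m = STARTUP_RSC.match(path)
        if m:
            startup_uids.append(m.group(1))
    verdict = "no match"
    if hits:
        verdict = "all components present" if len(hits) == len(DROPPED) else "partial match"
    return {"hits": hits, "startup_uids": startup_uids, "verdict": verdict}


# Constructed sample listing (not from a real device); [E0001234] is a made-up UID.
SAMPLE = """\
C:/sys/bin/AcsServer.exe
c:\\SYS\\BIN\\Installer_0x20026CA6.exe
C:\\private\\101f875a\\import\\[20026CA5].rsc
C:\\private\\101f875a\\import\\[E0001234].rsc
C:\\Data\\Images\\photo.jpg
"""

if __name__ == "__main__":
    result = triage(SAMPLE)
    print(result["verdict"], result["hits"], result["startup_uids"])
```

A partial match is still worth investigating, since a cleanup attempt may have removed only some of the files.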

It remains running in the background and attempts to connect to the Internet, from which it can retrieve messages that it can then spam to contacts found on the compromised device.

It may also compose messages that can be part of its spamming routine.

It also terminates the following processes if found running in the system:

  • AppMngr
  • TaskSpy
  • Y-Tasks
  • ActiveFile
  • TaskMan

Part of its lure to users is the Supplier information, which points to "Playboy".

It affects mobile devices running the Symbian operating system.

Analysis By: Michael Cabel

Updated By: Jessa De La Torre

