This application requires Javascript for optimal performance.

SymbOS/Flexispy.B!tr.spy - Released Jan 24, 2007 - Last Updated Jan 25, 2007

Alias/es

SymbOS/Flexispy.B!tr, Trojan-Spy.SymbOS.Flexispy.b

Detection Availability

Active DatabaseExtended Database
FortiGate
low
high
FortiClient
FortiMail N/A

Visible Symptoms

  • The following files exist:
    • !:/system/apps/system/phones/flkcpr.exe
    • !:/system/apps/system/phones/fxmonitor.dll
    • !:/system/apps/system/phones/fxs.app
    • !:/system/apps/system/phones/fxs.rsc
    • !:/system/apps/system/phones/fxs_caption.rsc
    • !:/system/apps/system/phones/fxsmon.exe
    • !:/system/apps/system/phones/images.mbm
    • !:/system/apps/system/phones/monunins.exe
    • !:/system/programs/fcex.exe
    • !:/system/recogs/fslrecog.mdl

    • Detailed Analysis

  • It is a Symbian virus, packed in .sis format.

  • Displays the following message prompting the user to install:
    Install FlexiSPY?
  • Drops the following files:
    • !:/system/apps/system/phones/flkcpr.exe (detected as SymbOS/Flexispy.B!tr.spy)
    • !:/system/apps/system/phones/fxmonitor.dll (detected as SymbOS/Flexispy.B!tr.spy)
    • !:/system/apps/system/phones/fxs.app (detected as SymbOS/Flexispy.B!tr.spy)
    • !:/system/apps/system/phones/fxs.rsc
    • !:/system/apps/system/phones/fxs_caption.rsc
    • !:/system/apps/system/phones/fxsmon.exe (detected as SymbOS/Flexispy.B!tr.spy)
    • !:/system/apps/system/phones/images.mbm
    • !:/system/apps/system/phones/monunins.exe
    • !:/system/programs/fcex.exe
    • !:/system/recogs/fslrecog.mdl (detected as SymbOS/Flexispy.B!tr.spy)
  • Once this SIS package is installed, the following files are executed in the background as system tasks:
    • flkcpr.exe
    • fxs.app
    • fxsmon.exe
    These files log phone activities such as calls, SMS messages, MMS messages and emails. The gathered information are then sent to the following server:
    • http: //www.{REMOVED}.com/factivation_mcli/cmd/productactivate
    A remote user may then access the gathered information over the internet.

  • The file fslrecog.mdl  serves as an autostart mechanism for the above three files.

    • Recommended Action

  • Terminate the following three processes using the task manager:
    • flkcpr.exe
    • fxs.app
    • fxsmon.exe
  • Delete all the dropped files using a file manager program or an AV software for mobile devices.

    • Reference: ID - 328341