SymbOS/Feak.A!worm - Released Mar 25, 2009 - Last Updated Mar 26, 2009
|
Alias/esTrojan.SymbOS.Feak.a (KAV), Symb/Keaf-A (Sophos), SYMBOS_FEAKS.A (Trend), SymbOS.Worm.Keaf.A (BitDefender) |
Detection Availability
|
Visible SymptomsSMS messages are sent to all existing contacts from the infected mobile phone. |
Detailed AnalysisThis Symbian worm propagates via SMS messages embedding links to a copy of the worm
Upon execution, it drops the following files:
- !:\system\apps\feakk.exe
- !:\system\recogs\feakk.mdl
the file feakk.mdl is used to automatically execute the exe component when the infected mobile phone is turned on.
It enumerates the list of contacts of the infected mobile phone and then sends an SMS message to each of them. The SMS message is as follows:
hey [Contact Name] check this link out
http://www.cs.{REMOVED}.edu/%7efeakk/feakk.zip
bye!
|
The link is invalid as of writing.
|
Recommended ActionReboot the phone and delete the file with a file manager application - or run FortiClient Mobile Security. |
