| Release Date | Oct 21, 2009 |
| Detection Availability | Current Antivirus Definition Database Version: 12.196 | | Description | Visible SymptomsRunning this spyware may lead to some of the following symptoms:
- the phone sends several SMS or MMS
- battery loss due to intensive camera usage
- memory consumption due to screenshots taken by the spyware
Detailed AnalysisSpy/PhotoSpy!SymbOS is a spyware for Symbian OS 7 and 8. It turns the phone into a camera surveillance device. When motion is detected, the phone automatically takes a picture and stores it on the phone (or memory card). Additionally, the spyware may send a warning SMS or MMS to a configurable phone number.
This spyware's behaviour is borderline. There may be situations for which the application is legal, but, on the other hand, if installed without user's consent, it obviously threatens privacy, so end-users or systems administrators may want to ban it from their phone/networks.
Technical Details
The spyware installs without any problem on Symbian OS 7 and 8 phones. Once installed, the application is listed among phone's applications. The application is ready to configure.
Several settings are available, such as image's quality or where to store images. An image is taken each time the application detects a difference in images greater than a given percentage (this is a motion detection mechanism). The higher the percentage is, the less often pictures are taken and hence the application consumes less memory. It is also possible to set the maximum number of pictures the application will ever store (so as not to fill the entire file system).
 |
 |
| Figure 1. Configuration menus of the spyware |
Figure 2. General settings menu |
When a picture is taken, the spyware may be configured to send it by MMS to a configurable phone number. The message's title is "From PhotoSpy!" and it includes the shot. Some versions of the spyware also support SMS alerts: an SMS is sent every few pictures. The text of the SMS is "From PhotoSpy!".
Once configured, the spyware must be activated so that it starts its surveillance work.
Figure 3. The spyware is running.
The spyware drops the following files:
- system/apps/photospy/dllimgman.dll
- system/apps/photospy/photospy.aif
- system/apps/photospy/photospy.app; this is the main application
- system/apps/photospy/photospy.dat
- system/apps/photospy/photospy.rsc: resources
- system/apps/photospy/photospy_caption.rsc: application's name
The pictures are stored in C:\Nokia\Images or e:\images with name PhotoSpyXXXX.jpg where XXXX is a four digit number.
|
Description Last Updated Date: Oct 23, 2009
Reference: ID - 1083765
|