SymbOS/Acallno.A!tr.spy - Released Apr 23, 2009 - Last Updated Jun 26, 2009
|
Alias/esTrojan-Spy.SymbOS.Acallno.a (KAV), SymbOS/Acallno application (McAfee) |
Detection Availability
|
Visible SymptomsAbnormally high phone bill.
The following files exist:
- !:\System\recogs\s60syss.mdl
- !:\System\Apps\s60system.exe
|
Detailed AnalysisThis malware is a limited version of SymbOS/Acallno.B!tr.spy. It provides only two of its functionalities:
- Forwarding incoming and outgoing SMS messages to a pre-determined phone number
- List missed/incoming/outgoing phone calls
The following message is shown on the screen during the installation:
Figure 1: Trojan message displayed.
|
Upon installation, the malware drops a subset of the files dropped by SymbOS/Acallno.B!tr.spy:
- !:\System\recogs\s60syss.mdl
- !:\System\Apps\s60system.exe
- !:\System\Apps\[IMEI].ini:
Please refer to SymbOS/Acallno.B!tr.spy for the description of the files.
These dropped files are installed on the drive the user selects when he/she installs the malware. This is usually c: (phone memory) or e: (memory card).
|
Recommended ActionDelete the files with a file manager application - or run FortiClient Mobile Security. |
