Detection Availability
Visible Symptoms
Detailed Analysis
This is a minor variant of SymbOS/Appdisabler.D!tr. This Symbian trojan destroys a large list of S60 applications. It may be installed on the device from a .SIS file named Raghu.sis. Upon execution, the installer warns that a non-secured application is about to be installed; if the user chooses to continue, the trojan infects the system.
The infection scheme is basic but efficient: it overwrites the original .app files with its own dropped files. The installer .sis file itself is malicious, not the dropped files, which only contain a few bytes. The destroyed applications range from SMS-related to MP3 to photo applications, very similarly to Appdisabler.C. Note that it only destroys programs installed on the same drive. As a test, we installed "FExplorer" and "Screenshot" on drive e: but the trojan on drive c:, and we were still able to access the two installed apps on drive e:; they had not been overwritten.
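As an added example, not part of the original analysis, the following Python script flags .app files that have been reduced to a few-byte stub, which is the footprint this trojan leaves on the drive it was installed on. The directory layout, file names and the 64-byte size threshold are assumptions made for the example.

```python
import tempfile
from pathlib import Path

# Appdisabler-style damage leaves .app files that are only a few bytes long.
# Assumption: a genuine S60 .app binary is far larger than this threshold.
STUB_MAX_SIZE = 64


def find_stubbed_apps(root, max_size=STUB_MAX_SIZE):
    """Return sorted relative paths of .app files under `root` whose size is
    at or below `max_size` bytes, i.e. files that look overwritten by a stub."""
    root = Path(root)
    hits = []
    for path in root.rglob("*.app"):
        if path.is_file() and path.stat().st_size <= max_size:
            hits.append(path.relative_to(root).as_posix())
    return sorted(hits)


def build_sample_drive():
    """Construct a throwaway directory that mimics a Symbian c: drive after
    infection. The paths and contents are made up for this example."""
    root = Path(tempfile.mkdtemp(prefix="s60_c_drive_"))
    files = {
        "system/apps/Messaging/Messaging.app": b"\x00" * 4096,  # intact, 4 KiB
        "system/apps/MP3Player/MP3Player.app": b"stub",          # overwritten stub
        "system/apps/Camera/Camera.app": b"\x01\x02",            # overwritten stub
        "system/apps/Notes/readme.txt": b"greetings",            # not an .app file
    }
    for rel, data in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    return root


if __name__ == "__main__":
    drive = build_sample_drive()
    for hit in find_stubbed_apps(drive):
        print("possibly destroyed:", hit)
```

Point the scan at the drive the .SIS was installed on; applications on another drive are untouched according to the analysis above.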
It also drops these files on the system:
The text files contain greetings from the author and warn the user not to install the trojan. The .jpg contains a photo of the author wearing sunglasses. Finally, the trojan creates these files on the c: drive:
Miscellaneous
Recommended Action
FortiGate systems: