This application requires Javascript for optimal performance.

SymbOS/BkmarkDisabl.A!tr - Released Jul 13, 2010 - Last Updated Jul 26, 2010

Alias/es

BkmarkDisabl.A (NetQin)

Detection Availability

Active DatabaseExtended Database
FortiGate
low
high
FortiClient
FortiMail N/A

Visible Symptoms

  • Impossible to access web browser's bookmarks.
  • The following picture is available on the mobile in c:\system\data


Figure 1. Mobile phone infected by SymbOS/BkmarkDisabl.A!tr. The picture says "Xixi(laughter)... your bookmark is dead".

Detailed Analysis

SymbOS/BkmarkDisabl.A!tr affects mobile phones running Symbian OS 7 or 8. It usually poses as an MP3 tool, but instead only disables bookmarks on the mobile phone.


Technical Details


The malware installs the following files on the phone:
  • c:\system\data\11.amr
  • c:\system\data\11.jpg: corresponds to Figure 1
  • c:\system\data\bookmarks1.db: buggy/empty bookmark database which overwrites the mobile phone's bookmarks

Recommended Action

    FortiGate Systems

  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.

    FortiClient Systems

  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Reference: ID - 1926474