
WinCE/Terdial.A!tr.dial - Released Apr 09, 2010 - Last Updated Apr 12, 2010

Alias/es

Trojan.WinCE.Terdial.a (KAV)

Detection Availability

Active Database / Extended Database
FortiGate
low
high
FortiClient
FortiMail N/A

Visible Symptoms

Abnormally high bill due to calling international phone numbers.

Detailed Analysis

This malware affects Windows Mobile 6 Professional devices.

It poses as an online game, named Antiterrorist 3D, but silently places calls to international phone numbers (at the victim's expense).



Technical Details


This Trojan is typically contained in a CAB file named antiterrorist3d.cab.

First, the malware installs an executable named smart32.exe in the Windows directory on the Windows Mobile device. It then schedules that executable to run in approximately 3 days (+/- 6 hours).
Approximately 3 days later, smart32.exe runs and places 6 calls to international phone numbers, waiting 50 seconds between each one. Those phone numbers are located in various countries around the world, and some of them are valid in several countries. The cost depends on the victim's operator, but turns out to be quite substantial.

The malware then reschedules itself to run again in one month (at that time, it will, again, send 6 SMS messages).
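The dialing rhythm described above (6 international calls separated by roughly 50 seconds) can be searched for in a call log or operator billing export. The following is an added example, not part of the original advisory: the log format, the home country code, the tolerance and the +999 placeholder numbers are all assumptions, and the 50-second wait is assumed to run from the end of one call to the start of the next.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed call log (assumed export format): start time, dialled number, duration in s.
# The +999 numbers are placeholders, not the numbers this Trojan dials.
SAMPLE_LOG = [
    ("2010-04-12 03:00:00", "+99900000001", 30),
    ("2010-04-12 03:01:20", "+99900000002", 45),
    ("2010-04-12 03:02:55", "0099900000003", 30),
    ("2010-04-12 03:04:15", "+99900000004", 60),
    ("2010-04-12 03:06:05", "+99900000005", 30),
    ("2010-04-12 03:07:25", "+99900000006", 40),
    ("2010-04-12 09:15:00", "+15550100", 120),      # domestic call (home code +1)
    ("2010-04-12 14:00:00", "+99900000009", 300),   # isolated international call
]

def is_international(number, home_cc):
    """True for +CC / 00CC numbers outside the subscriber's home country code."""
    n = "+" + number[2:] if number.startswith("00") else number
    return n.startswith("+") and not n.startswith(home_cc)

def find_dialer_bursts(log, home_cc, burst=6, gap=50, tol=10):
    """Return runs of >= `burst` international calls in which each call starts
    about `gap` seconds (+/- `tol`) after the previous one ended."""
    calls = sorted((datetime.strptime(ts, FMT), num, dur)
                   for ts, num, dur in log if is_international(num, home_cc))
    runs, current = [], []
    for start, num, dur in calls:
        if current:
            prev_start, _, prev_dur = current[-1]
            idle = (start - prev_start).total_seconds() - prev_dur
            if abs(idle - gap) > tol:       # rhythm broken: close the current run
                if len(current) >= burst:
                    runs.append(current)
                current = []
        current.append((start, num, dur))
    if len(current) >= burst:
        runs.append(current)
    return runs

if __name__ == "__main__":
    for run in find_dialer_bursts(SAMPLE_LOG, home_cc="+1"):
        print(f"{len(run)} spaced international calls starting {run[0][0]}:")
        for start, num, _ in run:
            print(f"  {start}  {num}")
```

A hit is only a lead for review: confirm it against the presence of smart32.exe in the device's Windows directory before treating the device as infected.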

Recommended Action

    FortiGate Systems

  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.

    FortiClient Systems

  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Reference: ID - 1742812