This application uses the phone's camera as a surveillance device, and automatically sends emails, SMS or MMS messages to a configurable phone number if the camera detects movement. Alternatively, it can play a sound, store multiple screenshots, or record phone calls or sounds close to the phone.
Obviously, this application may threaten the end-user's privacy, particularly if it is installed by an attacker without the user's consent. This is why it is classified as spyware.
The spyware installs without any problem on Symbian OS 7 or 8. Its name is "Spy!". A new application icon appears on the phone. The spy must then configure the spyware: several configuration options are available (see Figures 1 and 2).
Figure 1. Configuring motion detection. Figure 2. Configuring recording.
Once the spyware is configured, the spy must activate the tool (menu choice). The spyware will then start its work. Figure 3 lists images taken when motion is detected. Those images are stored locally on the device and optionally sent by MMS or e-mail. Figure 4 shows a typical screenshot.
Figure 3. Motion is detected: screenshot listing. Figure 4. Typical screenshot sent by MMS.
The spyware drops or uses the following files:
- !:\system\apps\spy\spy.app: the main application
- !:\system\apps\spy\Inbox: screenshots are stored in this directory
- C:\System\Data\Spy.ini: the spyware's configuration file

Recommended action:
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system. If required, enable the "Allow Push Update" option.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
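
For triage of a handset, the file locations listed above can be checked against an extracted copy of the phone's file system. The following is an added example, not part of the original description or of any vendor tool. It assumes the extraction has one top-level folder per drive letter (C, D, E), treats `!` as the drive chosen at install time, and matches names case-insensitively, as the phone's file system does.

```python
import os
import tempfile

# Paths from the description above; "!" is the drive chosen at install time.
INDICATORS = [
    r"!:\system\apps\spy\spy.app",
    r"!:\system\apps\spy\Inbox",
    r"C:\System\Data\Spy.ini",
]
# Assumption: the extracted image has one top-level folder per drive letter.
DRIVES = "CDE"

def resolve_ci(root, parts):
    """Walk `parts` under `root` ignoring case; return the real path or None."""
    current = root
    for part in parts:
        try:
            names = os.listdir(current)
        except (FileNotFoundError, NotADirectoryError):
            return None
        match = next((n for n in names if n.lower() == part.lower()), None)
        if match is None:
            return None
        current = os.path.join(current, match)
    return current

def scan_image(root):
    """Return a list of (indicator, path found) for an extracted phone image."""
    hits = []
    for indicator in INDICATORS:
        drive, rest = indicator.split(":\\", 1)
        parts = rest.split("\\")
        for letter in (DRIVES if drive == "!" else drive):
            found = resolve_ci(root, [letter] + parts)
            if found:
                hits.append((indicator, found))
    return hits

def build_sample_image(root):
    """Constructed sample: spyware on the memory card (E:), config file on C:."""
    os.makedirs(os.path.join(root, "E", "System", "Apps", "Spy", "Inbox"))
    open(os.path.join(root, "E", "System", "Apps", "Spy", "Spy.app"), "w").close()
    os.makedirs(os.path.join(root, "C", "system", "data"))
    open(os.path.join(root, "C", "system", "data", "spy.ini"), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as image:
        build_sample_image(image)
        for indicator, path in scan_image(image):
            print(f"{indicator} -> {path}")
```

Any files present under the matched `Inbox` directory are captured images and should be preserved as evidence before the application is removed.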