ZDNet UK

CBS INTERACTIVE UK BUSINESS SITES:
atlarge.com
BNET UK
silicon.com
SmartPlanet.com
ZDNet.co.uk

You are here: ZDNet.co.uk > News > Security

Mobile devices Toolkit

Symbian phones targeted by 'Skulls' Trojan

Published: 22 Nov 2004 09:05 GMT

Virus writers are targeting Symbian-based mobile phones with a Trojan horse that kills off system applications and replaces their icons with images of skulls.

The program, dubbed "Skulls" by antivirus companies, is disguised as a theme manager for Nokia phones in the Symbian Installation System format, said Mikko Hyppönen, director of antivirus research for software maker F-Secure.

Only a few people have managed to run across the program on the Web and then downloaded and run the Trojan horse, he said.

"We are not talking about a huge amount of infected people, and it is not a virus, so it is not spreading," Hyppönen said.

The program is the latest threat to affect mobile phones and PDAs. Earlier this month, a program called Delf infected PCs in Russia in order to send spam to mobile phone users . Two other malicious programs -- Mosquito and Cabir -- were also aimed at infecting phones that use the Symbian operating system. The creators of Cabir even created a version that attempts to infect Windows CE devices.

Like the latest threat, none of the mobile phone attacks have yet amounted to much.

When run, the Skulls program breaks all the links to Symbian system applications and replaces the icons with images of skulls. Third-party applications are not affected, Hyppönen said, allowing users that have installed a non-Symbian file manager to actually find and delete the malicious program files, cleaning the phone.

For users that have no third-party file manager, the only current fix appears to be a hard reset, which will leave the phone in its default factory condition. Unfortunately, this fix will also delete any user data.

"In practice, it is difficult to clean the phone," Hyppönen said. "You can't go online, you can't download fixing programs, you can't beam anything to the phone."

While the program can cause some headaches, it is not a significant threat.

Still, it is a signpost indicating the direction that virus writers could be headed, said Vincent Weafer, senior director for security response at Symantec.

"It does no permanent damage," he said. "But it does mean that people are investing time in investigating the possibilities" for infecting and damaging mobile phones, he said.