F-Secure
Tools
Blankfont.A
| Name : | Blankfont.A |
| Category: | Malware |
| Type: | Trojan |
| Platform: | SymbOS |
Summary
Blankfont.A is a SIS file trojan that installs a corrupted Font file.
Disinfection
Disinfection
F-Secure Mobile Anti-Virus can be downloaded from f-secure.mobi.
Disinfection for cases when the phone has been rebooted
• Uninstall the SIS file with which Trojan:SymbOS/Blankfont was installed
• To make sure that uninstallation was successful,
scan your phone with antivirus before rebooting the phone
scan your phone with antivirus before rebooting the phone
F-Secure Mobile Anti-Virus can be downloaded from f-secure.mobi.
Disinfection for cases when the phone has been rebooted
CAUTION! This method will remove all data on the device including calendar and phone numbers
• Power off the phone
• Hold following three buttons down "answer call" + "*" + "3"
• Keep holding the buttons and power on the phone
• Depending on the model, you either get text "formatting" or start-up dialog that asks for initial phone settings
• Your phone is now formatted and can be used again
Additional Details
Trojan:SymbOS/Blankfont.A copies corrupted font files into the phone's memory and thus prevents the phone from loading the valid font files from ROM.
The corrupted font file installed to the phone does not cause device to crash, but if the device is rebooted it will then lose the system font and is unable to display user interface texts.
Any application that the user attempts to use after the reboot works otherwise normally, but does not show any text. This makes most of the applications unusable until the phone is disinfected.
If a phone is infected with Blankfont.A, it must not be rebooted as the trojan will corrupt the system font and will make disinfection quite difficult. If the phone is rebooted it can still be disinfected but doing so is rather difficult as there is no text on the screen.
Spreading Vector
Infection
When the Blankfont.A SIS file is installed, the installer copies its file to the following location:
Panic.gdr is a corrupted font file that replaces the original phone font and breaks the phone's ability to show text.
The corrupted font file installed to the phone does not cause device to crash, but if the device is rebooted it will then lose the system font and is unable to display user interface texts.
Any application that the user attempts to use after the reboot works otherwise normally, but does not show any text. This makes most of the applications unusable until the phone is disinfected.
If a phone is infected with Blankfont.A, it must not be rebooted as the trojan will corrupt the system font and will make disinfection quite difficult. If the phone is rebooted it can still be disinfected but doing so is rather difficult as there is no text on the screen.
Spreading Vector
• Rally_2.sis
Infection
When the Blankfont.A SIS file is installed, the installer copies its file to the following location:
• \system\apps\fonts\Panic.gdr
Panic.gdr is a corrupted font file that replaces the original phone font and breaks the phone's ability to show text.