Select local site

| Japanese | Simplified Chinese | Traditional Chinese (Hong Kong) | Traditional Chinese (Taiwan)

F-Secure Malware Information Pages: Blankfont.A
[Summary] | [Disinfection] | [Detailed Description]

Name : Blankfont.A
Alias:SymbOS/Blankfont.A, Trojan:SymbOS/Blankfont.A
Type:Trojan
Category:Malware
Platform:SymbOS
Radar

Summary
Blankfont.A is a SIS file trojan that installs a corrupted Font file.
Back to the Top

Disinfection

Disinfection

  1. Uninstall the SIS file with which Trojan:SymbOS/Blankfont was installed
  2. To make sure that uninstallation was successful,
    scan your phone with antivirus before rebooting the phone

F-Secure Mobile Anti-Virus can be downloaded from f-secure.mobi.


Disinfection for cases when the phone has been rebooted

CAUTION! This method will remove all data on the device including calendar and phone numbers

  1. Power off the phone
  2. Hold following three buttons down "answer call" + "*" + "3"
  3. Keep holding the buttons and power on the phone
  4. Depending on the model, you either get text "formatting" or start-up dialog that asks for initial phone settings
  5. Your phone is now formatted and can be used again
Back to the Top

Detailed Description
Trojan:SymbOS/Blankfont.A copies corrupted font files into the phone's memory and thus prevents the phone from loading the valid font files from ROM.

The corrupted font file installed to the phone does not cause device to crash, but if the device is rebooted it will then lose the system font and is unable to display user interface texts.



Any application that the user attempts to use after the reboot works otherwise normally, but does not show any text. This makes most of the applications unusable until the phone is disinfected.



If a phone is infected with Blankfont.A, it must not be rebooted as the trojan will corrupt the system font and will make disinfection quite difficult. If the phone is rebooted it can still be disinfected but doing so is rather difficult as there is no text on the screen.

Spreading Vector

  • Rally_2.sis

Infection

When the Blankfont.A SIS file is installed, the installer copies its file to the following location:

  • \system\apps\fonts\Panic.gdr

Panic.gdr is a corrupted font file that replaces the original phone font and breaks the phone's ability to show text.
Back to the Top



F-Secure Corporation

Last Modified: September 06, 2007