F-Secure: Be Sure
Main
F-Secure Logo - Be Sure
Select local site


Privacy Policy
Contact Us

F-Secure Trojan Information Pages : Cardtrap.P

[Summary] | [Disinfection] | [Detailed Description] | [Detection]

Name:Cardtrap.P
Category:Trojan
Platform:SymbOS
Date of Discovery:January 22, 2006

Summary

Cardtrap.P is Symbian SIS file trojan that disables several Symbian built in applications, tries to damage several 3rd party applications and installs Windows trojan to the memory card.

The Windows malware installed to memory card is installed with icon, batch file and short cut link, that try to fool user to execute a malicious file when he is trying to investigate the card contents.

The files that Cardtrap.P drops to the memory card, contains several references to F-Secure and some files are with F-Secure icons. But F-Secure has nothing to do with creation of Cardtrap or any other malware.

Disinfection

Disinfection with Anti-Virus

  1. Download F-Secure Mobile Anti-Virus to your phone from http://www.f-secure.com/wireless/download/
  2. Install the Anti-Virus to your phone over USB cable
  3. Start and activate the Anti-Virus
  4. Scan your phone to remove infected files
  5. Use application manager to uninstall the file in which you installed Cardtrap.P.


Back to the Top


Detailed Description

Spreading in “Half Life 2 - Gameloft .sis”

Installation to the phone

Cardtrap.P tries to disable key system applications and 3rd party products by installing several damaged files to the phone memory

Cardtrap.P tries to disable following system applications:

  • Application manager
  • Browser
  • Calendar
  • File manager
  • Bluetooth manager
  • MMS and SMS messaging inbox

Cardtrap.P installs following Symbian malware:

  • SymbOS/Pbstealer.C

F-Secure Mobile Anti-Virus is capable of detecting Cardtrap.P with generic detection, so if phone has functional Anti-Virus installed the Cardtrap.P is blocked before it can be installed.

Installation to the MMC card

Cardtrap.P installs Trojan.BAT.KillAV.cg Windows trojan to the phone MMC card. Trojan is installed with filename, icon and shortcut link to contacts, that try to fool user into clicking them.


Back to the Top


Detection

F-Secure Mobile Anti-Virus for Symbian detects this malware starting from the update build number 57.


Back to the Top


Write-up: Mika Tolvanen

Technical Details: Mika Tolvanen, January 24, 2006

Description Updated: Mika Tolvanen, January 24, 2006

F-Secure Corporation