F-Secure Trojan Information Pages : Cardtrap.R [Summary] | [Disinfection] | [Detailed Description] | [Detection] Name: Cardtrap.R Category: Trojan Platform: SymbOS Date of Discovery: January 22, 2006 Summary Cardtrap.R is Symbian SIS file trojan that disables several Symbian built in applications, tries to damage some 3rd party applications and installs Windows malware to the memory card. The files that Cardtrap.R drops to the memory card, contains several references to F-Secure. But F-Secure has nothing to do with creation of Cardtrap or any other malware. Disinfection Download F-Secure Mobile Anti-Virus to your phone from http://www.f-secure.com/wireless/download/ Install the Anti-Virus to your phone over USB cable Start and activate the Anti-Virus Scan your phone to remove infected files Use application manager to uninstall the file in which you installed Cardtrap.R Back to the Top Detailed Description Spreading in “RealPlayer v01.00.sis” Installation to the phone Cardtrap.R tries to disable key system applications and 3rd party products by installing several damaged files to the phone memory Cardtrap.R tries to disable following system applications: Application installer Application manager Camera Calculator Menu Notepad Phonebook File manager Bluetooth manager MMS and SMS messaging inbox ToDo list Cardtrap.R installs following Symbian malware: SymbOS/Pbstealer.C SymbOS/Cardtrap.Q F-Secure Mobile Anti-Virus is capable of detecting Cardtrap.R with generic detection, so if phone has functional Anti-Virus installed the Cardtrap.R is blocked before it can be installed. Installation to the MMC card Cardtrap.R installs Windows malware Trojan.BAT.Agent.a to the phone MMC card. Back to the Top Detection F-Secure Mobile Anti-Virus for Symbian detects this malware starting from the update build number 58. Back to the Top Write-up: Mika Tolvanen Technical Details: Mika Tolvanen, January 25, 2006 Description Updated: Mika Tolvanen, February 7, 2006 F-Secure Corporation