Trojan.Mquito is cracked version of game that runs on Symbian
Series 60 devices. The game contains functionality that will
send SMS message to certain number each time when the game is started.
The Trojan.Mquito is not a trojanized version of the game, the hidden
SMS functionality was put in the game from the beginning by the
original manufacturer.
This functionality was supposed to be some kind of a copy-protecting
technique, but it didn't work right and the whole functionality backfired.
According to the manufacturer, the premium rate contract for the receiving
phone numbers has been terminated, so although old versions of the game
still send hidden SMS messages, it only costs the nominal fee of sending
the message itself.
Current versions of this game no longer have this hidden functionality,
but "cracked" versions of Mosquitos still float in P2P network - and
they still send these messages.
The SMS sending version of the game can still be identified by the message
it shows when the game starts.
The original version will display following text, which varies a bit depending
on the region.
UK VERSION This version is for the UK market only and does not work
outside the United Kingdom. Pirate copies are illegal and offenders
will be prosecuted.
The trojan version will display following modified text:
FREE VERSION This version has been cracked by SODDOM BIN LOADER
No rights reserved. Pirate copies are illegal and offenders will
have lotz of phun!!!
The difference in message has been done by modifying strings inside the game
binary. The difference in the messages is the only difference between cracked
and original version that we have been able to determine.
Needless to say that the 'trojan' version of the game can be found only
from pirated sources. So installing such program is not recommended in
the first place, as any copy that contains the SMS routine is an illegal
copy.
Disinfection with Anti-Virus for Symbian OS
F-Secure Anti-Virus for Symbian Series 60 detects the game binary and prevents
it from executing. You can delete the game file by instructing Anti-Virus
to delete detected files.
Manual disinfection
Uninstall the game with Symbian Application manager
Installation to system
The game is downloaded in Symbian installation SIS package,
from where user has to install the
the game manually.
Spreading in
The Mquito is distributed as cracked version of game Mosquitos in pirate
channels, such as P2P file share networks.
Payload
When the Mquito is run it will show the dialog containing message from
cracker and send SMS message to premium rate number. After sending
the message the game will start normally.
The SMS sending routine is built into the binary by game developers,
not inserted by crackers
The message is sent only when the game starts, and the sending routine
will not be called before the Mquito is started second time.
Writeup:
Jarno Niemela, August 11th, 2004
Description Updated:
Jarno Niemela, August 12th, 2004
F-Secure Corporation
![](/images/pixel.gif"){kind=tracking}
