Threat Description

Trojan:SymbOS/Bootton.A

Details

Aliases: Trojan:SymbOS/Bootton.A, SymbOS/Bootton.A
Category: Malware
Type: Trojan
Platform: SymbOS

Summary



Also known as a trojan horse program, this is a deceptive program that performs additional actions without the user's knowledge or permission. It does not replicate.



Removal



Disinfection with two Series 60 phones

Download the F-Skulls tool either onto a computer or directly to the phone:

  • Using a clean phone, install F-Skulls.sis onto the infected phone's memory card
  • Put the memory card with F-Skulls into the infected phone
  • Start up the infected phone; the application menu should work now
  • Press the menu button until you get the Symbian process menu, and look for any applications with a heart icon. Kill these application processes with the 'C' button.
  • Go to the application manager and uninstall the SIS file from which Bootton.A was installed
  • Download F-Secure Mobile Anti-Virus from http://mobile.f-secure.com and activate the Anti-Virus
  • Scan the phone and remove any remaining components of Bootton.A
  • Remove F-Skulls with the application manager, as the phone is now clean.


Technical Details



Bootton.A is a trojan distributed by Trojan:SymbOS/Onehop.A over Bluetooth as a malicious SIS file named 'ILoveU.sis'.

Bootton.A is structurally quite similar to Trojan:SymbOS/Skulls. It replaces built-in and third-party applications with a component that causes the device to reboot when executed.

Bootton.A also installs the modified Cabir that SymbOS/Onehop.A uses to distribute Bootton.A. Fortunately, it does not function as intended.

Execution

On installation, Bootton.A installs a small component that resets the device if executed. This component is installed into locations where it replaces system and third-party applications.

Bootton.A disables most critical system functions and third-party file managers. It also uses an application that causes the device to reboot. If a device is infected with Bootton.A, pressing the menu button or any system application button will immediately reboot the device.

Only making and answering calls on the phone works. Other functions that need a system application, such as SMS and MMS messaging, web browsing and using the camera, no longer work. Even if the device did not immediately reboot, it would still be unusable until it is disinfected.

Like Skulls.A, Bootton.A replaces the application icons with its own icon, which is a heart icon with the text "I-Love-U".

The modified Cabir file installed by Bootton.A is not executed automatically, and even if started by the user, it is unable to send anything because the file it is trying to send does not exist on the system.





