F-Secure Malware Information Pages: Trojan:SymbOS/Kiazha

Summary
Kiazha is a trojan that operates on Symbian Series 60 2nd Edition devices.
Trojan:SymbOS/Kiazha is a trojan that attempts to ransom money from the user of the device.
It is distributed as a component of Trojan:SymbOS/MultiDropper.A.
Disinfection
Disinfecting using F-Secure Mobile Anti-Virus
- Download F-Secure Mobile Anti-Virus from http://f-secure.mobi and activate the Anti-Virus
- Scan the phone and remove any components of the malware
- Reboot the phone to remove memory resident components
Detailed Description
The following details describe variant Kiazha.A.
Infection
Trojan:SymbOS/Kiazha.A is a Trojan that is dropped onto compromised devices by Trojan:SymbOS/Multidropper.A.
When the trojan is installed, it creates the following files:
- %DriveLetter%\system\data\appmab.cfg
- %DriveLetter%\system\data\appman.exe
- %DriveLetter%\system\data\zn1314.db
- %DriveLetter%\system\name\name.dat
- %DriveLetter%\system\Programs\Netqin.exe
- %DriveLetter%\system\recogs\appmae.mdl
- %DriveLetter%\system\recogs\Netqins.mdl
- %DriveLetter%\system\zn1314\sq.exe
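
One way to check a file listing exported from a handset for the paths listed above (an added example, not F-Secure's code). It assumes %DriveLetter% expands to a drive letter plus colon and that matching should ignore case and accept either path separator; the function names and the sample listing are constructed for illustration.

```python
import re
from collections import defaultdict

# Paths from the "Infection" list; %DriveLetter% is taken to mean "<letter>:".
KIAZHA_A_PATHS = [
    r"%DriveLetter%\system\data\appmab.cfg",
    r"%DriveLetter%\system\data\appman.exe",
    r"%DriveLetter%\system\data\zn1314.db",
    r"%DriveLetter%\system\name\name.dat",
    r"%DriveLetter%\system\Programs\Netqin.exe",
    r"%DriveLetter%\system\recogs\appmae.mdl",
    r"%DriveLetter%\system\recogs\Netqins.mdl",
    r"%DriveLetter%\system\zn1314\sq.exe",
]

def compile_indicator(template):
    """Turn one path template into an anchored, case-insensitive regex."""
    tail = re.escape(template.replace("%DriveLetter%", "", 1))
    tail = tail.replace(r"\\", r"[\\/]")  # accept either path separator
    return re.compile(r"^([A-Za-z]):" + tail + "$", re.IGNORECASE)

PATTERNS = [(t, compile_indicator(t)) for t in KIAZHA_A_PATHS]

def assess(listing):
    """Report which indicator paths appear in a file listing, and on which drives."""
    hits = defaultdict(set)
    for raw in listing:
        path = raw.strip().strip('"')
        for template, rx in PATTERNS:
            m = rx.match(path)
            if m:
                hits[template].add(m.group(1).upper())
    found = {t: sorted(hits[t]) for t in KIAZHA_A_PATHS if t in hits}
    missing = [t for t in KIAZHA_A_PATHS if t not in hits]
    return {"found": found, "missing": missing, "complete": not missing}

# Constructed sample listing (hypothetical, not taken from a real device).
SAMPLE_LISTING = [
    r"C:\system\data\appman.exe",
    r"c:\System\Data\APPMAB.CFG",        # case differs from the indicator
    "E:/system/recogs/Netqins.mdl",      # different drive, forward slashes
    r"C:\system\data\contacts.cdb",      # unrelated file
    r"C:\system\apps\zn1314\sq.exe",     # near miss: different directory
]

if __name__ == "__main__":
    result = assess(SAMPLE_LISTING)
    for template, drives in result["found"].items():
        print("FOUND  ", template, "on", ", ".join(drives))
    print(len(result["missing"]), "listed paths not present")
```

A partial match is still worth investigating, since a previous cleanup attempt may have removed only some of the components.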
Payload
- Sends an SMS without user permission to the number 17001002. The message will register a new QQ instant messaging account for the user.
- Forwards SMS messages to the number defined in a data file (appmab.cgf). Messages contain information (Symbian OS version & IMEI etc.) stored in file (name.dat).
- Deletes any sent or received SMS messages.
- Displays the offer to fix the user’s phone for a small fee. (Warning your handset is infected. Please prepare 50 juan and then contact QQ number QQ766566889)
F-Secure Corporation
Last Modified: March 11, 2008