Kiazha is a trojan that operates on Symbian Series 60 2nd Edition devices.
Trojan:SymbOS/Kiazha is a trojan that attempts to ransom money from the user of the device.
It is distributed as a component of Trojan:SymbOS/MultiDropper.A.
Disinfection
Disinfecting using F-Secure Mobile Anti-Virus
• Download F-Secure Mobile Anti-Virus from http://f-secure.mobi and activate the Anti-Virus
• Scan the phone and remove any components of the malware
• Reboot the phone to remove memory resident components
Additional Details
The following details describe variant Kiazha.A.
Infection
Trojan:SymbOS/Kiazha.A is a trojan that is dropped onto compromised devices by Trojan:SymbOS/MultiDropper.A.
When the trojan is installed, it creates the following files:
• %DriveLetter%\system\data\appmab.cfg
• %DriveLetter%\system\data\appman.exe
• %DriveLetter%\system\data\zn1314.db
• %DriveLetter%\system\name\name.dat
• %DriveLetter%\system\Programs\Netqin.exe
• %DriveLetter%\system\recogs\appmae.mdl
• %DriveLetter%\system\recogs\Netqins.mdl
• %DriveLetter%\system\zn1314\sq.exe
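The file list above can be checked against a file listing taken from a device or memory card. The following is an added example, not part of the original description or of any F-Secure tool; the function names and the sample listing are constructed for illustration, and it assumes the listing is available as one path per line.

```python
# Artefact paths from the Kiazha.A file list, relative to the drive root
# (%DriveLetter% is dropped so that any drive or mount point matches).
KIAZHA_A_ARTEFACTS = [
    r"system\data\appmab.cfg",
    r"system\data\appman.exe",
    r"system\data\zn1314.db",
    r"system\name\name.dat",
    r"system\Programs\Netqin.exe",
    r"system\recogs\appmae.mdl",
    r"system\recogs\Netqins.mdl",
    r"system\zn1314\sq.exe",
]

def normalise(path):
    """Lower-case, backslash-separated path without drive letter or empty parts."""
    p = path.strip().replace("/", "\\")
    if len(p) >= 2 and p[1] == ":" and p[0].isalpha():
        p = p[2:]                      # drop "C:", "E:", ...
    parts = [part for part in p.split("\\") if part]
    return "\\".join(parts).lower()    # compare without regard to case

def scan_listing(lines):
    """Return (hits, missing): artefact -> matching listing lines, and unseen artefacts."""
    wanted = {normalise(a): a for a in KIAZHA_A_ARTEFACTS}
    hits = {}
    for line in lines:
        norm = normalise(line)
        for key, artefact in wanted.items():
            # Exact match, or match below a mount prefix on a whole-directory boundary.
            if norm == key or norm.endswith("\\" + key):
                hits.setdefault(artefact, []).append(line.strip())
    missing = [a for a in KIAZHA_A_ARTEFACTS if a not in hits]
    return hits, missing

# Constructed sample listing: mixed case, mixed separators, a mount prefix,
# and two paths that must not match.
SAMPLE_LISTING = [
    r"C:\System\Data\APPMAN.EXE",
    "E:/system/recogs/Netqins.mdl",
    "/mnt/card/system/zn1314/sq.exe",
    r"E:\backup\xsystem\data\appman.exe",
    r"C:\system\data\notes.txt",
]

if __name__ == "__main__":
    found, not_found = scan_listing(SAMPLE_LISTING)
    for artefact, where in found.items():
        print("FOUND  ", artefact, "<-", ", ".join(where))
    print(len(found), "of", len(KIAZHA_A_ARTEFACTS), "artefacts present")
```

A match on file name alone is an indicator to follow up with a scan, not a confirmation of infection.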
Payload
• Sends an SMS without user permission to the number 17001002. The message will register a new QQ instant messaging account for the user.
• Forwards SMS messages to the number defined in a data file (appmab.cfg). The messages contain information (Symbian OS version, IMEI, etc.) stored in the file name.dat.
• Deletes any sent or received SMS messages.
• Displays an offer to fix the user's phone for a small fee ("Warning your handset is infected. Please prepare 50 juan and then contact QQ number QQ766566889").