F-Secure
Tools
Trojan:SymbOS/Kiazha
| Name : | Trojan:SymbOS/Kiazha |
| Category: | Malware |
| Type: | Trojan |
| Platform: | SymbOS |
| Date of Discovery: | March 06, 2008 |
Summary
Kiazha is a trojan that operates on Symbian Series 60 2nd Edition devices.
Trojan:SymbOS/Kiazha is a trojan that attempts to ransom money from the user of the device.
It is distributed as a component of Trojan:SymbOS/MultiDropper.A
.Disinfection
Disinfecting using F-Secure Mobile Anti-Virus
- Download F-Secure Mobile Anti-Virus and activate it
- Scan the phone and remove any components of the malware
- Reboot the phone to remove memory resident components
Additional Details
The following details describe variant Kiazha.A.
Infection
Trojan:SymbOS/Kiazha.A is a Trojan that is dropped onto compromised devices by Trojan:SymbOS/Multidropper.A.
When the trojan is installed, it creates the following files:
- %DriveLetter%\system\data\appmab.cfg
- %DriveLetter%\system\data\appman.exe
- %DriveLetter%\system\data\zn1314.db
- %DriveLetter%\system\name\name.dat
- %DriveLetter%\system\Programs\Netqin.exe
- %DriveLetter%\system\recogs\appmae.mdl
- %DriveLetter%\system\recogs\Netqins.mdl
- %DriveLetter%\system\zn1314\sq.exe
Payload
- Sends an SMS without user permission to the number 17001002.
The message will register a new QQ instant messaging account for the user. - Forwards SMS messages to the number defined in a data file (appmab.cgf).
Messages contain information (Symbian OS version & IMEI etc.) stored in file (name.dat) - Deletes any sent or received SMS messages.
- Displays the offer to fix the user’s phone for a small fee.
(Warning your handset is infected. Please prepare 50 juan and then contact QQ number QQ766566889)