Trojan:SymbOS/Kiazha

Name: Trojan:SymbOS/Kiazha
Category: Malware
Type: Trojan
Platform: SymbOS
Date of Discovery: March 06, 2008

Summary

Kiazha is a trojan that operates on Symbian Series 60 2nd Edition devices.

Trojan:SymbOS/Kiazha is a trojan that attempts to ransom money from the user of the device.

It is distributed as a component of Trojan:SymbOS/MultiDropper.A.

Disinfection

Disinfecting using F-Secure Mobile Anti-Virus
  • Download F-Secure Mobile Anti-Virus from http://f-secure.mobi and activate the Anti-Virus
  • Scan the phone and remove any components of the malware
  • Reboot the phone to remove memory resident components

Additional Details

The following details describe variant Kiazha.A.

Infection

Trojan:SymbOS/Kiazha.A is a Trojan that is dropped onto compromised devices by Trojan:SymbOS/Multidropper.A.

When the trojan is installed, it creates the following files:

  • %DriveLetter%\system\data\appmab.cfg
  • %DriveLetter%\system\data\appman.exe
  • %DriveLetter%\system\data\zn1314.db
  • %DriveLetter%\system\name\name.dat
  • %DriveLetter%\system\Programs\Netqin.exe
  • %DriveLetter%\system\recogs\appmae.mdl
  • %DriveLetter%\system\recogs\Netqins.mdl
  • %DriveLetter%\system\zn1314\sq.exe
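The file list above can be checked against a file listing exported from a handset or memory card. The following is an added example, not part of the original description: the function names and the sample listing are constructed, and it assumes path comparison should ignore case and accept either slash style.

```python
import re
from collections import defaultdict

# Paths from the list above with %DriveLetter% removed, so any drive matches.
KIAZHA_A_PATHS = [
    r"\system\data\appmab.cfg",
    r"\system\data\appman.exe",
    r"\system\data\zn1314.db",
    r"\system\name\name.dat",
    r"\system\Programs\Netqin.exe",
    r"\system\recogs\appmae.mdl",
    r"\system\recogs\Netqins.mdl",
    r"\system\zn1314\sq.exe",
]
# Assumption: paths are compared case-insensitively.
_INDICATORS = {p.lower() for p in KIAZHA_A_PATHS}
_DRIVE_PATH = re.compile(r"^([A-Za-z]):(\\.*)$")

def normalize(entry):
    """Return (drive, lowercased path), or None if the entry is not drive-rooted."""
    cleaned = entry.strip().strip('"').replace("/", "\\")
    cleaned = re.sub(r"\\{2,}", r"\\", cleaned)  # collapse doubled separators
    m = _DRIVE_PATH.match(cleaned)
    if not m:
        return None
    return m.group(1).upper(), m.group(2).lower()

def find_kiazha_files(listing):
    """Map drive letter -> sorted indicator paths present in a file listing."""
    hits = defaultdict(set)
    for entry in listing:
        parsed = normalize(entry)
        if parsed and parsed[1] in _INDICATORS:  # exact path match only
            hits[parsed[0]].add(parsed[1])
    return {drive: sorted(paths) for drive, paths in hits.items()}

# Constructed sample listing (not taken from a real device).
SAMPLE_LISTING = [
    r"C:\system\data\appman.exe",
    r"c:\System\Recogs\NETQINS.MDL",
    "E:/system/zn1314/sq.exe",
    r"C:\system\data\contacts.cdb",        # unrelated file
    r"E:\system\apps\appman.exe",          # same name, different directory
    r"Z:\system\programs\netqin.exe.bak",  # different file name
]

if __name__ == "__main__":
    for drive, paths in sorted(find_kiazha_files(SAMPLE_LISTING).items()):
        print(f"{drive}: {len(paths)} of {len(_INDICATORS)} indicator files")
        for p in paths:
            print("   ", p)
```

Matching on the full path rather than the bare file name keeps a same-named file in another directory from being reported.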

Payload

  • Sends an SMS without user permission to the number 17001002. The message will register a new QQ instant messaging account for the user.
  • Forwards SMS messages to the number defined in a data file (appmab.cfg). The messages contain information (Symbian OS version, IMEI, etc.) stored in the file name.dat.
  • Deletes any sent or received SMS messages.
  • Displays an offer to fix the user’s phone for a small fee: "Warning your handset is infected. Please prepare 50 juan and then contact QQ number QQ766566889"