NEWS FROM THE LAB - Friday, July 1, 2005

New Symbian trojan that drops Commwarrior.B and disables the phone Posted by Jarno @ 13:53 GMT

[Image: Doomboot.A (25k image)]

Today we received a sample of a new Symbian trojan, Doomboot.A, which drops Commwarrior.B and breaks the phone so that it no longer boots.

Other trojans have dropped several different Cabir variants, but Doomboot.A is the first known trojan that drops Commwarrior, and the technique it uses to break the phone is also new.

What makes Doomboot troubling is the unpleasant combination of Doomboot's and Commwarrior's effects on the phone. Doomboot.A prevents the phone from booting again, and Commwarrior generates so much Bluetooth traffic that the phone runs out of battery in less than one hour. A user whose phone gets infected with Doomboot.A therefore has less than one hour to figure out what is happening and disinfect the phone, or all data on it will be lost.

What makes matters worse is that the Doomboot.A installation gives no obvious clues that something is wrong, and Commwarrior.B has no icon and is not visible in the process list. The installation of Doomboot.A therefore looks very much like a failed installation of a pirated game, and the user has a hard time noticing that something bad is happening.

If the phone runs out of battery or the user switches it off, the phone can be recovered with the special hard-format key combination, so the phone hardware itself is not damaged by the trojan. Formatting the phone, however, erases all data on it.

If a user has installed Doomboot.A, it can be easily disinfected with F-Secure Mobile Anti-Virus or by following the manual disinfection instructions in the Doomboot.A description, as long as this is done while the phone is still running and has not been switched off or run out of battery.

Like most Symbian trojans, Doomboot.A pretends to be a pirated Symbian game, so people who do not download and install pirated games or applications are safe from this kind of nasty surprise.