
Archive for March 14th, 2007


Mar14
by Jasper Pimentel (Advanced Threats Researcher)

This is one of those things that go unnoticed until someone comes up with a deviously crafted piece of malware to demonstrate its potential. If you’re on a Windows system, try hitting the SHIFT key five times and you’ll see a dialog box similar to the one below.



The resulting dialog box is an interface to enable the use of StickyKeys, which is a Windows feature to aid handicapped users. There is nothing really wrong with the use of this feature. The only problem is how it is implemented.

You see, when you hit the SHIFT key 5 times, a file called sethc.exe is executed from within the Windows folder. This program is the one responsible for the dialog box that you just saw earlier. Regardless of the content of sethc.exe, Windows would still execute it if the SHIFT key were pressed 5 times. If the original contents of the file were overwritten with malicious code, then the malicious content would be executed once the SHIFT key is pressed 5 times. This feature provides malware authors with a potential attack vector.

To mitigate this, you can disable the shortcut for StickyKeys. You can do this by opening the Control Panel and modifying the settings for StickyKeys in the Accessibility Options dialog. Click on the Settings button and uncheck the option for using the keyboard shortcut.



Once this setting has been put into effect, hitting the SHIFT key 5 times will no longer activate the StickyKeys interface.
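A defender can audit both halves of this issue from PowerShell: whether the five-SHIFT shortcut is still active for the current user, and whether the sethc.exe that Windows would launch is still the genuine file. This is an added example, not code from the original post. It assumes sethc.exe sits in the default System32 directory and a Windows/PowerShell version on which Get-AuthenticodeSignature resolves catalog signatures; the function names are hypothetical.

```powershell
# Added example (not from the original post): audit the StickyKeys shortcut
# and the binary it launches. Function names are hypothetical.

function Test-StickyKeysHotkey {
    # Flags is stored as a decimal string under the current user's hive.
    # Bit 0x4 (SKF_HOTKEYACTIVE) means five SHIFT presses launch sethc.exe.
    $key   = 'HKCU:\Control Panel\Accessibility\StickyKeys'
    $flags = [int](Get-ItemProperty -Path $key -Name Flags -ErrorAction Stop).Flags
    [pscustomobject]@{
        Flags         = $flags
        HotkeyEnabled = [bool]($flags -band 0x4)
    }
}

function Test-SethcBinary {
    # Assumption: default install location of sethc.exe.
    param([string]$Path = (Join-Path $env:WINDIR 'System32\sethc.exe'))

    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $info   = (Get-Item -LiteralPath $Path).VersionInfo
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    [pscustomobject]@{
        Path             = $Path
        SignatureStatus  = $sig.Status
        Signer           = $signer
        OriginalFilename = $info.OriginalFilename
        # Record the hash so it can be compared against a known-good baseline.
        SHA256           = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        # Genuine means: signature validates, the signer is Microsoft, and the
        # version resource still names sethc.exe (an overwritten file fails
        # at least one of these checks).
        LooksGenuine     = ($sig.Status -eq 'Valid') -and
                           ($signer -match 'O=Microsoft Corporation') -and
                           ($info.OriginalFilename -match '^sethc\.exe')
    }
}

Test-StickyKeysHotkey | Format-List
Test-SethcBinary      | Format-List
```

Because the shortcut setting is read from HKCU, the first check covers only the account running the script.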

 

Mar14
by Kathryn Cheng (Technical Communications)

Similar to SYMBOS_MREX.A, the recently discovered Symbian malware, SYMBOS_FEAKS.A, also affects devices that run on the UIQ platform.


UIQ is a software platform, or GUI, based upon Symbian OS. Like the other Symbian platform, S60, it provides additional components to the core operating system, thus enabling compatible mobile devices to run third-party applications.


Currently, only a small number of devices support UIQ. Targeting these devices clearly suggests that the malware author is trying to prove a point, rather than aiming to actually spread the Symbian malware and cause an outbreak.


SYMBOS_FEAKS.A attempts to spread by sending the following SMS message to the affected mobile phone’s contacts:



hey check this link out bye
http://www.{BLOCKED}.ucsb.edu/%7efeakk/feakk.zip


Although currently inaccessible, the URL mentioned above supposedly contains a copy of the Symbian malware.


To avoid infection, refrain from receiving and installing unsolicited files from other mobile devices. If you have received the SMS message specified above, delete it and do not visit the URL. In addition, download and install Trend Micro Mobile Security and keep your patterns updated.

 


© Copyright 2008 Trend Micro Inc. All rights reserved. Legal Notice