Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    September 2015
    S M T W T F S
    « Aug    
  • Email Subscription

  • About Us

    Conventional wisdom has it that mobile platforms like PDAs and mobile phones are safer from malware attacks, one reason being the relatively closed nature of such platforms. In some platforms, such as newer versions of the Symbian OS, this is enforced in part by mandatory code signing, which requires that applications need to be signed by a third party, ensuring (in theory) that they are not malicious. (Currently, this process is carried out by Symbian Signed, now part of the Symbian Foundation).

    Assuming that the third party is trustworthy, this system should be foolproof, shouldn’t it?

    Not always.

    In the past few days, Trend Micro has encountered a new threat for Symbian devices, deteted as SYMBOS_YXES.B. According to Marianne Mallen, Escalation Engineer in TrendLabs, it posts as the legitimate application ACSServer.exe and calling itself Sexy Space, it steals the user’s subscriber, phone, and network information, and connects to a website in order to send the said information. In addition, it can also send spammed SMS messages to the user’s contacts. (The content in the said messages is acquired from the website it connected to earlier.)

    In short, it appears to be a botnet for mobile phones. All this would be worrying enough, but there’s an even bigger issue at play here. Both SYMBOS_YXES.B and an earlier variant, SYMBOS_YXES.A are signed programs. The signing process—undertaken by the Symbian Foundation itself—is supposed to ferret out instances like this, but somehow this slipped through. It may well be a coincidence, but it does not reinforce confidence in the signing system.

    Whatever the case, this particular threat is already detected by the Smart Protection Network.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice