Trojan Stealing Data from Symbian S60 3rd Edition Mobile Phones



Researchers have found that a new malicious attack is under way, specifically targeting Symbian S60 mobile phone users. The worm sends links to a malicious website via SMS to all mobile numbers stored in phone memory or the contact list. The malware also tries to hide its identity by running under the process name “EConServer.exe”. It also kills the Appmngr process, because the Symbian S60 Application Manager can be used to uninstall this malicious software just as it can remove any other software from the phone.

Security software vendor F-Secure identifies this worm as Trojan:SymbOS/Yxe.A, which is rather new in nature for the S60 3rd Edition platform. F-Secure also characterizes this worm as a Trojan because of its data-stealing capabilities and the social engineering techniques it uses against Symbian S60 mobile phones. The malicious application is signed with a certificate that Symbian accepts, and so avoids arousing users' suspicion. The worm's writer used social engineering techniques to get this application installed on Symbian mobile phones.

After successful installation, the program collects mobile phone identification information such as the IMEI and IMSI numbers. After collecting this information, the application attempts to open an HTTP connection in order to upload the data, and keeps the connection open at all times.

This worm can easily be removed if the phone's Application Manager is running. F-Secure also suggests that users keep an updated list of their Symbian S60 certificates. To maintain a current list of valid certificates, the Application Manager settings should be adjusted from the defaults. The default App. manager setting for Online certificate check is Off. The On setting is necessary to remove revoked certificates from your phone during installation.

Online Certificate Check details from Nokia:

  1. You need network access to install applications if the check is on.
  2. This may incur data transfer costs.
  3. "On" means that if the connection to the server fails, installation can still be done. A revoked application can in that case be installed.
  4. "Must be passed" means that if the connection to the server fails, you will not be able to install.
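
The three settings differ in what happens when the revocation server cannot be reached, which decides whether an application signed with a revoked certificate can still be installed. The sketch below is an added example, not Symbian or Nokia code: the names `Setting`, `Ocsp`, `install_allowed` and `revoked_install_paths` are hypothetical, and it assumes that a check which completes and reports the certificate as revoked blocks the installation.

```python
from enum import Enum
from itertools import product


class Setting(Enum):
    OFF = "Off"                        # default: no online check at all
    ON = "On"                          # check, but fail open
    MUST_BE_PASSED = "Must be passed"  # check, and fail closed


class Ocsp(Enum):
    GOOD = "good"
    REVOKED = "revoked"
    UNREACHABLE = "unreachable"        # connection to the server failed


def install_allowed(setting, ocsp):
    """Model of the installer decision for one setting and one check outcome."""
    if setting is Setting.OFF:
        return True                    # certificate status is never queried
    if ocsp is Ocsp.UNREACHABLE:
        # "On" lets the install proceed; "Must be passed" refuses it.
        return setting is Setting.ON
    # Assumption: a completed check only allows certificates reported good.
    return ocsp is Ocsp.GOOD


def revoked_install_paths():
    """List (setting, network_up) pairs where a revoked signer still installs."""
    paths = []
    for setting, network_up in product(Setting, (True, False)):
        # The certificate is revoked; the phone only learns that if it
        # can reach the server.
        outcome = Ocsp.REVOKED if network_up else Ocsp.UNREACHABLE
        if install_allowed(setting, outcome):
            paths.append((setting.value, network_up))
    return paths


if __name__ == "__main__":
    for name, network_up in revoked_install_paths():
        state = "network up" if network_up else "server unreachable"
        print(f"revoked package installs with setting {name!r} ({state})")
```

Only "Must be passed" closes every path, at the price of blocking all installs while the phone is offline.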
