Return of the Yxe worm

Just over a year ago Worm.SymbOS.Yxe appeared – this was the first malicious program for smartphones running Symbian S60 3rd edition which had a valid digital signature. From time to time subsequent versions of this worm appeared – the latest variant, Yxe.d was detected in July 2009.

Today we detected a new variant, Worm.SymbOS.Yxe.e, which also has a valid digital signature. Previous modifications of the worm:

  • Spread via SMS messages which contained a link to the worm
  • Used social engineering in order to trick victims
  • Harvested data about the smartphone from the device
  • Sent the harvested data to a cybercriminal server
  • Attempted to terminate third party applications designed for working with the smartphone’s file system or with active applications.

The latest modification does all of the above and more. It also:

  • Sends MMS messages containing a link to itself, and, attached, a black and white skull and crossbones image (Skuller, a Trojan which first appeared in 2004, also used a skull and crossbones)
  • Connects to a Chinese social networking site
  • Downloads files
  • Block the smartphone’s Software Manager, making it more difficult to delete the malware

We’re still analysing Worm.SymbOS.Yxe.e in detail – we’ll keep you posted.

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *