Just over a year ago Worm.SymbOS.Yxe appeared – this was the first malicious program for smartphones running Symbian S60 3rd edition which had a valid digital signature. From time to time subsequent versions of this worm appeared – the latest variant, Yxe.d was detected in July 2009.
Today we detected a new variant, Worm.SymbOS.Yxe.e, which also has a valid digital signature. Previous modifications of the worm:
- Spread via SMS messages which contained a link to the worm
- Used social engineering in order to trick victims
- Harvested data about the smartphone from the device
- Sent the harvested data to a cybercriminal server
- Attempted to terminate third party applications designed for working with the smartphone’s file system or with active applications.
The latest modification does all of the above and more. It also:
- Sends MMS messages containing a link to itself, and, attached, a black and white skull and crossbones image (Skuller, a Trojan which first appeared in 2004, also used a skull and crossbones)
- Connects to a Chinese social networking site
- Downloads files
- Block the smartphone’s Software Manager, making it more difficult to delete the malware
We’re still analysing Worm.SymbOS.Yxe.e in detail – we’ll keep you posted.