SYMBOS_QDIAL.A

Malware type: Symbian

Aliases: Trojan.SymbOS.Mosquit.a (Kaspersky), SymbOS/QDial26 (McAfee), Trojan.Mos (Symantec), TR/SymbOS.Mosqu.A.1 (Avira), Troj/Mosqit-A (Sophos)

In the wild: Yes

Destructive: No

Language: English

Platform: Symbian OS

Encrypted: No

Damage potential: Medium

Distribution potential: Medium

Description: 

This Trojan is a cracked version of the Mosquitos game, which runs on phones using the Symbian Series 60 Platform.

(Note: The Series 60 Platform is licensed by various mobile phone manufacturers including LG Electronics, Lenovo, Nokia, Panasonic, Samsung, Sendo, and Siemens.)

Here are some of the affected mobile phones:

  • Nokia 7650
  • Nokia 7610
  • Nokia 6620
  • Nokia 6600
  • Nokia 3650, 3600
  • Nokia 3660, 3620
  • Nokia N-Gage
  • Panasonic X700
  • Siemens SX1
  • Sendo X

It is obtained by downloading a copy of the game from the Internet or through peer-to-peer networks.

It sends an SMS message to specific premium rate numbers, for which affected users can be charged. Apparently, the affected numbers are from the United Kingdom (UK), Germany, the Netherlands, and Switzerland only.

Unlike worms, it does not spread itself to other contacts in the phone.

It also displays a message box upon execution. This box indicates that the game is a cracked version and an illegal copy of the Mosquito game.

Symbian has released a statement regarding the spread of this Trojan. The press release is available on the Symbian Web site.

Description created: Aug. 12, 2004 1:33:23 AM GMT -0800
Description updated: Aug. 12, 2004 1:33:25 AM GMT -0800


TECHNICAL DETAILS


Size of malware: 5,632 Bytes

Initial samples received on: Aug 11, 2004

Payload 1: Displays Graphics

Trigger condition 1: Upon execution

Details:

Upon execution, the Trojan displays a message box. This box indicates that the game is a cracked version and an illegal copy.

It may then send an SMS message to a premium rate number. The message it sends can have any of the following details:

Recipient Number: 9222
Message: 001152715

Recipient Number: 4636
Message: 005152715

Recipient Number: 87140
Message: 001151183

Recipient Number: 87140
Message: king.001151183

Recipient Number: 3333
Message: 000152715

Apparently, these premium rate numbers are from the United Kingdom (UK), Germany, the Netherlands, and Switzerland only.
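
The recipient/message pairs listed above can be checked against an exported sent-message log. The following is an added example, not part of the original Trend Micro description; the CSV column layout, the function names, and the sample rows are constructed for illustration.

```python
import csv
import io

# Recipient/message pairs exactly as listed in this description.
QDIAL_SMS = {
    ("9222", "001152715"),
    ("4636", "005152715"),
    ("87140", "001151183"),
    ("87140", "king.001151183"),
    ("3333", "000152715"),
}
QDIAL_NUMBERS = {number for number, _ in QDIAL_SMS}


def normalize_number(raw):
    """Drop spaces, dashes and parentheses so '87 140' compares equal to '87140'."""
    return "".join(ch for ch in raw if ch.isdigit() or ch == "+")


def scan_sent_sms(csv_text):
    """Return (timestamp, recipient, body, verdict) for each suspicious sent message.

    verdict is 'match' when recipient and body both equal a listed pair, and
    'number-only' when only the recipient is one of the listed numbers.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        recipient = normalize_number(row["recipient"])
        body = row["body"].strip()
        if (recipient, body) in QDIAL_SMS:
            verdict = "match"
        elif recipient in QDIAL_NUMBERS:
            verdict = "number-only"
        else:
            continue
        findings.append((row["timestamp"], recipient, body, verdict))
    return findings


# Constructed sample export (hypothetical column layout, not real device data).
SAMPLE_LOG = """timestamp,recipient,body
2004-08-11T09:14:02,+44 7700 900123,Running late
2004-08-11T09:20:41,87140,king.001151183
2004-08-11T09:20:45,87 140,001151183
2004-08-11T10:02:10,3333,STOP
2004-08-11T10:05:33,9222,001152715
"""

if __name__ == "__main__":
    for finding in scan_sent_sms(SAMPLE_LOG):
        print(*finding, sep="  ")
```

A 'number-only' result means the recipient is one of the listed numbers but the message text differs, so it needs manual review rather than being treated as a confirmed hit.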



Analysis by: Imelda Yap

Analysis by: Ace Portuguez


SOLUTION


Minimum scan engine version needed: 6.810

Pattern file needed: 2.342.06

Pattern release date: Aug 11, 2004


Important note: The "Minimum scan engine" refers to the earliest Trend Micro scan engine version guaranteed to detect this threat. However, Trend Micro strongly recommends that you update to the latest version in order to get comprehensive protection. Download the latest scan engine here.

Solution:

Trend Micro Mobile Security Solution

Trend Micro has released an integrated solution for mobile devices, which provides automatic, real-time scanning to protect wireless devices against malicious code and viruses on the Web or hidden inside files.

Download the latest Trend Micro Security Solution from this site.

Removing the Application

Quit the Mosquitos game, then perform the uninstallation procedure for the program.

Running Trend Micro Antivirus

Scan your system with Trend Micro antivirus and delete all files detected as SYMBOS_QDIAL.A. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro's free online virus scanner.

