A trojan targeting mobile phones with Symbian OS Series 60 has been discovered. The pirated version of a game for Symbian based mobile phones, named Mosquitos, contains this trojan.
This pirated version is shared on p2p networks and on warez sites. Once it is installed on a mobile phone it sends unauthorised SMS messages to premium rate numbers while the game is being played.
Symbian offers the following summary information and advice:
The only way a phone can be affected by this problem is by deliberate installation of an illegal copy of the Mosquitos game by the user
Installation of the game requires the user to ignore an explicit warning that the identity of the application developer is unknown
When the user starts the game, the following information is displayed on the screen, making it clear to the user that the game is an illegal, pirated version:
The cracked Mosquitos game runs only on phones using the Series 60 User Interface platform
Phones using the UIQ user interface platform (Sony Ericsson, Motorola, BenQ, Arima) or the NTT DoCoMo MOAP platform (Fujitsu) cannot be affected by this problem
The four premium rate numbers embedded in the cracked game are reported to be for the UK, Germany, the Netherlands and Switzerland only
We believe that uninstalling and thus deleting the game will completely remove it and prevent any further incidence of unauthorised SMS activity
The developer of the original Mosquito game, Ojom, has created this program for earlier versions of the game to combat piracy. It was intended that the program secretly send an SMS message to alert the company if an unlicensed copy was being used.
Anti-virus company F-Secury says that the functionality backfired, and Ojom removed it from later versions of the game. However, pirated versions may still contain this 'function'.
Users of mobile devices have been concerned they may soon face virus risks, following the June launch of the first proof-of-concept virus affecting cellphones.
The virus, Cabir, was not malicious and ran on the Symbian operating system, which is used in certain Nokia, Siemens, Motorola and Sony Ericsson phones.
Symbian said that it's taking security issues very seriously and that they are working constantly to develop and integrate the most advanced security features for their Symbian OS. The company believes that mobile security is the responsibility of the entire industry.
It requires co-operation and trust – values the Symbian OS open approach encourages. Symbian provides the required infrastructure for security and works with partners, licensees, network operators and standards bodies to further ensure security needs of the market are met. No system for security can be guaranteed 100%. However, Symbian has measures in place to minimize the chance of a widespread attack focused on Symbian OS devices.