Thursday, May 24, 2007

A real trojan for S60 phones

"Finally" there's a piece of malware for Symbian phones that actually does damage. Of course, there's not much risk of getting infected by it: it's a simple trojan, uploaded to a file sharing site, posing as a utility. Once installed, it'll send SMS messages to a premium rate number, effectively adding about $7 to your phone bill. The descriptions of it seem to suggest that it only sends one SMS per infected phone, which makes me think it's more of a proof of concept implementation. The program runs on S60 1st and 2nd edition phones.

There shouldn't be any problems porting this thing to 3rd edition, which is interesting, considering how much pain Symbian and partners are willing to inflict on developers for the sake of security. This app doesn't need any restricted privileges and would not need to be Symbian Signed. Sure, the user gets an extra warning at install time, but people who install 3rd party software on their Symbian 9 phones are used to that, and will just press OK. Autostarting the app might be a problem, but that shouldn't be an issue: the user is obviously going to start the app after installing it, at which point it can start sending its premium rate messages. A clever coder would of course spawn a background process that keeps sending new messages continuously.

But well, writing software that does damage after the user has manually installed it is never going to be difficult. Writing code that could install itself without user interaction would be a real challenge.

No comments: