Sends messages to premium-rate numbers

Jun 30, 2010 09:32 GMT

Trend Micro warns that a new variant of the Flocker trojan, which affects mobile phones running the Symbian operating system, has been discovered in the wild. The malware sends SMS messages to a four-digit premium-rate phone number.

The Flocker trojan was discovered in January 2009 by antivirus researchers from Kaspersky Lab. The malware, thought to be of Indonesian origin, is written in Python and can infect phones running Symbian. A different version of the trojan, written in Java and functioning on any device with the J2ME platform installed, was identified a month later.

The latest variant, reported by Trend Micro and detected by the company as SYMBOS_FLOCK.I, masquerades as an application called ZvirOK. Its purpose is to send a text message reading "mumym xxx joker90" to a "7250" number. Fortunately, since this is one of the Python-flavored variants, it will only work if a Python interpreter is installed on the phone, which limits its reach.

The researchers are not clear about this variant's purpose, but in previous cases the trojan was used to transfer credit by sending messages to a special number set up by the carrier. "The intent behind this is unclear: perhaps it could be related to pay services frequently provided by mobile operators. This could cost the user money, particularly if these fees are high. Beyond that, however, no one can really say for sure," Trend Micro's Paul Ferguson writes.

However, according to an advisory published by the Spanish National Institute of Communication Technologies (INTECO), through its CERT arm, the trojan increases the phone bill by sending messages to premium-rate numbers. The trojan's removal instructions involve deleting the System\Apps\ZverOK\default.py file from the system and scanning the phone with an antivirus product. As a prevention measure, the institute also recommends contacting your mobile operator and asking them to block your access to premium-rate numbers entirely, if that's possible.

You can follow the editor on Twitter @lconstantin
