Risiko: sehr gering
Typ: Trojanisches Pferd
entdeckt am: 04.03.08
auch bekannt als: SYMBOS_KIAZHA.A [Trend], SymbOS/Kiazha.A [F-Secure]

Information:

SymbOS.Kiazha.A is a Trojan that is dropped into compromised devices by SymbOS.Multidropper.A.

technische Details:

When the Trojan executes, it creates the following files:
%DriveLetter%\system\data\appman.exe
%DriveLetter%\system\Programs\Netqin.exe
%DriveLetter%\system\zn1314\sq.exe
%DriveLetter%\system\data\zn1314.db
%DriveLetter%\system\recogs\appmae.mdl
%DriveLetter%\system\recogs\Netqins.mdl


The Trojan sends an SMS message to a predetermined phone number which is stored in the following file:
%DriveLetter%\system\data\appmab.cfg

It may then display the following message:
Warning your handset is infected.
Please prepare 50 cny and then contact QQ number QQ766566889

The Trojan may also delete messages from the compromised device.

It also attempts to steal the following sensitive information from the compromised device:
Symbian OS version
International Mobile Equipment Identity (IMEI) number


The Trojan stores the gathered information in the following file:
%DriveLetter%\system\name\name.dat

The above file may then be sent to a remote attacker.

[Link nur für registrierte Mitglieder sichtbar.]