» Topic:  Symbian Anti-Virus Bundled with Symbian trojan

» Added by:  Antti

» Date:  9.11.2005

  SymbOS/Doomboot.G is a new variant of Doomboot family. This malware also contains a pirated version of the ExoVirusStop antivirus application.

We have seen Symbian trojans that pretend to be antivirus application from some company or another. But I believe that Doomboot.G is the first case that actually contains a fully working pirate copy.

In addition to the antivirus application, the Doomboot.G contains corrupted system binaries from Doomboot.A and empty files that have the same file name and path that the virus SymbOS/Lasco.A uses.

The goal of the virus author has probably been that user installs the ExoVirusStop and later updates the Anti-Virus to a version that detects Lasco.A. Then the user scans a his phone and gets report about Lasco.A, and with that report a request to reboot his phone.

If the phone is booted while the Doomboot files are still in the system, the phone cannot start up again. The phone can be reformatted with special key code, which of course will erase all data.

We have contacted exoSyphen Studios that makes the ExoVirusStop product, and their latest version is able also to remove the Doomboot files.

Like any other Symbian trojan, the Doomboot.G and it's close variant SymbOS/Doomboot.H are danger only to people using pirate copied software.

Source : www.f-secure.com