» Topic:  A new Symbian trojan that locks the phone MMC card

» Added by:  sp3x

» Date:  30.9.2005

  SymbOS/Cardblock.A is a Symbian trojan that is the first known trojan to attack phones MMC card. SymbOS/Cardtrap.A used phones MMC card in trying to get users PC infected with Win32 malware, but Cardblock.A is the first one that actually attacks the MMC card itself.

SymbOS/Cardblock.A is a trojanized version of Symbian application InstantSis created by Biscompute.

When installed Cardblock.A appears be a cracked version of InstallSis providing user with ability to repack already installed SIS files and copy them to another device.

However when user tries to use Cardblock.A to copy an application, a payload triggers that blocks the MMC memory card of the phone and deletes critical system and mail directories.

Blocking the memory card is done by setting a random password to the card. So that after the phone has been once rebooted, the card is no longer accessible on the phone or any other device, without entering a password. And as the password is a random code, that is not provided to user, the card and it's contents are unusable until unlocked.

Deleting system directories destroys information about installed applications, users MMS and SMS messages, phone numbers stored on the phone and other critical system data. Which means that user loses access to applications he has installed into the phone, and his phone numbers and other important data.

Some phone such as Nokia 6670 and Nokia 6600 survive from deletion of system directories quite easily, just a reboot and phone is usable. But the user data and MMC card are still lost.

Unfortunately some phones that use newer versions of Symbian OS, such as Nokia 6630 are hit harder. These phones will fail to reboot and display message that requests the phone to be taken to maintenance. However the phone can be recovered with special hard format key combination.

Source : f-secure.com