
Spyware.FlexiSpy

Updated: July 2, 2007 4:56:37 PM
Also Known As: Flexispy.A [F-Secure], SYMBOS_FLEXSPY.A [Trend]
Type: Spyware
Risk Impact: Medium
Systems Affected: Symbian OS

On Symbian OS:
The spyware arrives on the device as the following file:
FSL_Nokia_[Cellular Phone Name].SIS

When a user opens the file, the phone's installer displays a dialog warning that the application may come from an untrusted source and may cause problems.

If the user clicks yes, the device will prompt the user to install "Phones".

When executed, the spyware drops the following files to the device:
  • [DRIVE LETTER]:\system\recogs\FSLRECOG.MDL
  • [DRIVE LETTER]:\system\recogs\FXSMON.MDL
  • [DRIVE LETTER]:\system\apps\system\phones\FXSMON.EXE
  • [DRIVE LETTER]:\system\apps\system\phones\MONUNINS.EXE
  • [DRIVE LETTER]:\system\apps\system\phones\t4l.cfg
  • [DRIVE LETTER]:\system\apps\system\phones\Fxs_caption.rsc
  • [DRIVE LETTER]:\system\apps\system\phones\Fxs.rsc
  • [DRIVE LETTER]:\system\apps\system\phones\Fxs.app
  • [DRIVE LETTER]:\system\apps\system\phones\Fxs.aif
  • [DRIVE LETTER]:\system\apps\system\phones\MONITOR.DLL
  • [DRIVE LETTER]:\system\apps\system\phones\config.dat
  • [DRIVE LETTER]:\system\apps\system\phones\monitor.log
  • [DRIVE LETTER]:\system\apps\system\phones\phones.db
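
As an added example (not part of the original writeup), the following Python script checks an exported file listing against the dropped-file paths and installer name listed above. It assumes a listing with one full path per line and matches case-insensitively on any drive letter; scan_listing, summarize and the sample listing are constructed for illustration.

```python
import re
from collections import defaultdict

# Paths from the writeup, relative to the drive root ([DRIVE LETTER] varies).
DROPPED = [
    r"\system\recogs\FSLRECOG.MDL",
    r"\system\recogs\FXSMON.MDL",
] + [r"\system\apps\system\phones" + "\\" + name for name in (
    "FXSMON.EXE", "MONUNINS.EXE", "t4l.cfg", "Fxs_caption.rsc", "Fxs.rsc",
    "Fxs.app", "Fxs.aif", "MONITOR.DLL", "config.dat", "monitor.log", "phones.db")]
KNOWN = {p.lower() for p in DROPPED}  # assumption: compare case-insensitively
# Installer name from the writeup: FSL_Nokia_[Cellular Phone Name].SIS
INSTALLER = re.compile(r"(?:^|[\\/])fsl_nokia_[^\\/]*\.sis$", re.IGNORECASE)
DRIVE_PATH = re.compile(r"^([A-Za-z]):(\\.*)$")

def scan_listing(lines):
    """Return ({drive: sorted matched paths}, [installer paths]) for a file listing."""
    hits, installers = defaultdict(set), []
    for raw in lines:
        path = raw.strip().replace("/", "\\")  # tolerate forward slashes
        if not path:
            continue
        if INSTALLER.search(path):
            installers.append(path)
        m = DRIVE_PATH.match(path)
        # Full-path match, so a config.dat in another folder is not flagged.
        if m and m.group(2).lower() in KNOWN:
            hits[m.group(1).upper()].add(m.group(2).lower())
    return {d: sorted(p) for d, p in hits.items()}, installers

def summarize(hits):
    """Label each drive 'complete' (all listed files) or 'partial' (e.g. leftovers)."""
    return {d: ("complete" if len(p) == len(KNOWN) else "partial", len(p))
            for d, p in hits.items()}

# Constructed sample listing (not taken from a real device).
SAMPLE = """\
C:\\system\\apps\\system\\phones\\fxsmon.exe
C:\\system\\apps\\system\\phones\\phones.db
C:/system/recogs/FSLRECOG.MDL
C:\\system\\apps\\camera\\camera.app
E:\\Others\\FSL_Nokia_ExampleModel.SIS
E:\\system\\apps\\notes\\config.dat
""".splitlines()

if __name__ == "__main__":
    found, sis = scan_listing(SAMPLE)
    print(summarize(found), sis)
```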


On BlackBerry:
The program arrives as the following Java application:
net_rim_app_console_pro.cod

Once installed, it monitors phone call details and SMS text messages and sends them to a remote server. The monitored logs can subsequently be viewed with a Web browser.

The program may contact the following Web sites:
  • [http://]mobile.flexispy.com/serv[REMOVED]
  • [http://]vervata.com/t4l-mcli/cmd/producta[REMOVED]
Writeup By: Hyun Choi and James O'Connor