Spyware.FlexiSpy

Updated: July 02, 2007 4:56:37 PM
Also Known As: Flexispy.A [F-Secure], SYMBOS_FLEXSPY.A [Trend]
Type: Spyware
Risk Impact: Medium
Systems Affected: Symbian OS

Behavior

Spyware.FlexiSpy is a spyware program that runs on either Symbian OS or BlackBerry mobile devices. Once installed, it monitors phone call details and SMS text messages and sends them to a remote server.

Antivirus Protection Dates

  • Initial Rapid Release version October 02, 2014 revision 022
  • Latest Rapid Release version April 25, 2017 revision 005
  • Initial Daily Certified version March 30, 2006
  • Latest Daily Certified version April 25, 2017 revision 008
  • Initial Weekly Certified release date April 05, 2006

Writeup By: Hyun Choi and James O'Connor

On Symbian OS:
The spyware arrives on the device as the following file:
FSL_Nokia_[Cellular Phone Name].SIS

When a user opens the file, the phone installer will display a dialog to warn users that the application may be coming from an untrusted source and may cause potential problems.

If the user clicks yes, the device will prompt the user to install "Phones".

When executed, the spyware drops the following files to the device:

  • [DRIVE LETTER]:\system\recogs\FSLRECOG.MDL
  • [DRIVE LETTER]:\system\recogs\FXSMON.MDL
  • [DRIVE LETTER]:\system\apps\system\phones\FXSMON.EXE
  • [DRIVE LETTER]:\system\apps\system\phones\MONUNINS.EXE
  • [DRIVE LETTER]:\system\apps\system\phones\t4l.cfg
  • [DRIVE LETTER]:\system\apps\system\phones\Fxs_caption.rsc
  • [DRIVE LETTER]:\system\apps\system\phones\Fxs.rsc
  • [DRIVE LETTER]:\system\apps\system\phones\Fxs.app
  • [DRIVE LETTER]:\system\apps\system\phones\Fxs.aif
  • [DRIVE LETTER]:\system\apps\system\phones\MONITOR.DLL
  • [DRIVE LETTER]:\system\apps\system\phones\config.dat
  • [DRIVE LETTER]:\system\apps\system\phones\monitor.log
  • [DRIVE LETTER]:\system\apps\system\phones\phones.db


On BlackBerry:
The program arrives as the following Java application:
net_rim_app_console_pro.cod

Once installed, it monitors phone call details and SMS text messages and sends them to a remote server. The monitored logs can subsequently be viewed with a Web browser.

The program may contact the following Web sites:
  • [http://]mobile.flexispy.com/serv[REMOVED]
  • [http://]vervata.com/t4l-mcli/cmd/producta[REMOVED]

On Symbian OS:

  1. Install a file manager program on the device.

  2. Enable the option to view the files in the system folder.

  3. Delete the following malicious files:

    • [DRIVE LETTER]:\system\recogs\FSLRECOG.MDL
    • [DRIVE LETTER]:\system\recogs\FXSMON.MDL
    • [DRIVE LETTER]:\system\apps\system\phones\FXSMON.EXE
    • [DRIVE LETTER]:\system\apps\system\phones\MONUNINS.EXE
    • [DRIVE LETTER]:\system\apps\system\phones\t4l.cfg
    • [DRIVE LETTER]:\system\apps\system\phones\Fxs_caption.rsc
    • [DRIVE LETTER]:\system\apps\system\phones\Fxs.rsc
    • [DRIVE LETTER]:\system\apps\system\phones\Fxs.app
    • [DRIVE LETTER]:\system\apps\system\phones\Fxs.aif
    • [DRIVE LETTER]:\system\apps\system\phones\MONITOR.DLL
    • [DRIVE LETTER]:\system\apps\system\phones\config.dat
    • [DRIVE LETTER]:\system\apps\system\phones\monitor.log
    • [DRIVE LETTER]:\system\apps\system\phones\phones.db

  4. Exit the file manager.
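
To confirm the deletion, a file listing exported from the device can be checked against the paths listed in step 3. This is an added example, not part of the original writeup; the listing format (one full path per line), the function names and the case-insensitive match are assumptions, and the sample listing is constructed.

```python
import re

# Dropped-file paths from the writeup, with the [DRIVE LETTER]: prefix removed.
FLEXISPY_PATHS = (
    r"\system\recogs\FSLRECOG.MDL",
    r"\system\recogs\FXSMON.MDL",
    r"\system\apps\system\phones\FXSMON.EXE",
    r"\system\apps\system\phones\MONUNINS.EXE",
    r"\system\apps\system\phones\t4l.cfg",
    r"\system\apps\system\phones\Fxs_caption.rsc",
    r"\system\apps\system\phones\Fxs.rsc",
    r"\system\apps\system\phones\Fxs.app",
    r"\system\apps\system\phones\Fxs.aif",
    r"\system\apps\system\phones\MONITOR.DLL",
    r"\system\apps\system\phones\config.dat",
    r"\system\apps\system\phones\monitor.log",
    r"\system\apps\system\phones\phones.db",
)
# Assumption: the device file system ignores case, so compare lowercased paths.
_BY_LOWER = {p.lower(): p for p in FLEXISPY_PATHS}
_ENTRY = re.compile(r"^\s*([A-Za-z]):(.*?)\s*$")


def find_artifacts(listing):
    """Map each drive letter to the writeup paths found on it in a file listing."""
    found = {}
    for line in listing.splitlines():
        m = _ENTRY.match(line)
        if not m:
            continue  # not a "X:\path" line
        # Accept either slash style and collapse repeated separators.
        parts = [p for p in re.split(r"[\\/]+", m.group(2)) if p]
        known = _BY_LOWER.get(("\\" + "\\".join(parts)).lower())
        if known:
            found.setdefault(m.group(1).upper(), set()).add(known)
    return {d: sorted(v) for d, v in found.items()}


def removal_complete(listing):
    """True when none of the listed files remain on any drive."""
    return not find_artifacts(listing)


# Constructed listing: a partly cleaned device with leftovers on C: and E:.
SAMPLE = """\
C:\\System\\Apps\\System\\Phones\\phones.db
C:\\system\\recogs\\fxsmon.mdl
C:\\System\\Apps\\Camera\\Camera.app
E:/system/apps/system/phones/MONITOR.DLL
"""
```
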


On BlackBerry:

Removal depends on how the program was loaded onto the device, and on device specific settings.

If the program was installed OTA (or with an associated ALX file), navigate to the following option:
Options > Security Options > Application Permissions > (BlackBerry key) > Delete

If the program was loaded via cable or BlackBerry Enterprise Server (BES), refer to the BES documentation for further details.