Spyware.FlexiSpy


July 2, 2007 4:56:37 PM
Also Known As:
Flexispy.A [F-Secure], SYMBOS_FLEXSPY.A [Trend]
Risk Impact:
Systems Affected:
Symbian OS
On Symbian OS:
The spyware arrives on the device as the following file:
FSL_Nokia_[Cellular Phone Name].SIS

When a user opens the file, the phone's installer displays a dialog warning that the application may come from an untrusted source and may cause problems.

If the user clicks yes, the device will prompt the user to install "Phones".

When executed, the spyware drops the following files to the device:
  • [DRIVE LETTER]:\system\recogs\FSLRECOG.MDL
  • [DRIVE LETTER]:\system\recogs\FXSMON.MDL
  • [DRIVE LETTER]:\system\apps\system\phones\FXSMON.EXE
  • [DRIVE LETTER]:\system\apps\system\phones\MONUNINS.EXE
  • [DRIVE LETTER]:\system\apps\system\phones\t4l.cfg
  • [DRIVE LETTER]:\system\apps\system\phones\Fxs_caption.rsc
  • [DRIVE LETTER]:\system\apps\system\phones\Fxs.rsc
  • [DRIVE LETTER]:\system\apps\system\phones\Fxs.app
  • [DRIVE LETTER]:\system\apps\system\phones\Fxs.aif
  • [DRIVE LETTER]:\system\apps\system\phones\MONITOR.DLL
  • [DRIVE LETTER]:\system\apps\system\phones\config.dat
  • [DRIVE LETTER]:\system\apps\system\phones\monitor.log
  • [DRIVE LETTER]:\system\apps\system\phones\phones.db
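
An added example (not part of the Symantec writeup): a Python check that matches a file listing exported from a device against the dropped-file paths above, ignoring drive letter, case and separator style. The listing format, the function names and the sample paths are assumptions constructed for illustration; the installer pattern treats the bracketed phone-name part of the SIS filename as a wildcard.

```python
import re

# Dropped-file paths from the writeup, with the [DRIVE LETTER]: prefix removed.
DROPPED = [
    r"\system\recogs\FSLRECOG.MDL",
    r"\system\recogs\FXSMON.MDL",
    r"\system\apps\system\phones\FXSMON.EXE",
    r"\system\apps\system\phones\MONUNINS.EXE",
    r"\system\apps\system\phones\t4l.cfg",
    r"\system\apps\system\phones\Fxs_caption.rsc",
    r"\system\apps\system\phones\Fxs.rsc",
    r"\system\apps\system\phones\Fxs.app",
    r"\system\apps\system\phones\Fxs.aif",
    r"\system\apps\system\phones\MONITOR.DLL",
    r"\system\apps\system\phones\config.dat",
    r"\system\apps\system\phones\monitor.log",
    r"\system\apps\system\phones\phones.db",
]
INSTALLER_RE = re.compile(r"^FSL_Nokia_.+\.SIS$", re.IGNORECASE)  # installer name
_INDICATORS = {p.lower() for p in DROPPED}

# Constructed sample listing (assumed format: one absolute path per entry).
SAMPLE_LISTING = [
    r"C:\System\Apps\System\Phones\FXSMON.EXE",
    "E:/system/recogs/fslrecog.mdl",
    r"E:\Others\FSL_Nokia_ExampleModel.SIS",
    r"C:\System\Apps\Phonebook\Phonebook.app",
    r"C:\system\apps\notes\config.dat",  # same file name, different directory
]

def normalize(path):
    """Lower-case the path, use backslashes, and drop any drive letter."""
    p = path.strip().replace("/", "\\").lower()
    p = re.sub(r"^[a-z]:", "", p)
    return p if p.startswith("\\") else "\\" + p

def scan_listing(paths):
    """Return {path as listed: indicator kind} for every entry that matches."""
    hits = {}
    for raw in paths:
        norm = normalize(raw)
        if norm in _INDICATORS:
            hits[raw] = "dropped file"
        elif INSTALLER_RE.match(norm.rsplit("\\", 1)[-1]):
            hits[raw] = "installer package"
    return hits

if __name__ == "__main__":
    print(scan_listing(SAMPLE_LISTING))
```

Matching on the full path rather than the file name alone keeps generic names such as config.dat from flagging unrelated applications.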

On BlackBerry:
The program arrives as the following Java application:

Once installed, it monitors phone call details and SMS text messages and sends them to a remote server. The monitored logs can subsequently be viewed with a Web browser.

The program may contact the following Web sites:
  • [http://]mobile.flexispy.com/serv[REMOVED]
  • [http://]vervata.com/t4l-mcli/cmd/producta[REMOVED]
Writeup By: Hyun Choi and James O'Connor