When a user opens the Trojan file, the phone installer displays the following prompt:
If the user clicks yes, then the installer will display the following message:Name:
The Trojan then displays the following valid Symbian Signed certificate:Subject:
XiaMen Jinlonghuatian Technology Co. Ltd.Valid from:
Once the user chooses to continue installing the application, the following files are installed on to the mobile device memory:
The Trojan starts automatically after the the mobile device is restarted.
It attempts to end the following process control or file control utilities
The Trojan collects the following data from the mobile device and then attempts to connect to a remote location to download configuration information:
- Phone Number
- Phone type
It creates the following sis file:
It also creates the following log file:
The Trojan may also creates the following text files:
It then attempts to send numerous SMS messages to a list of predetermined numbers.
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":