Feeds

Mosquitos smartphone 'Trojan' there by design

An urban myth is born

  • alert
  • submit to reddit

Security for virtualized datacentres

The Mosquitos Symbian dialler Trojan is not really a Trojan horse after all.

Many news outlets, including ourselves, reported that a "trojanised" version of Mosquitos game for Symbian Series 60 smartphones was circulating online and across P2P networks. Cracked versions of the game secretly sends SMS messages to premium rate numbers, according to reports on various online forums.

Illegal copies of the game display the following message on start-up: "This version has been cracked by SODDOM BIN LOADER No rights reserved. Pirate copies are illegal and offenders will have lotz of phun!!!"

Yesterday Symbian put out a statement which contributed to the impression that malign code was inserted into 'cracked' versions of the game by members of the computer underground. However it turns out that the hidden SMS functionality, along with a message written in the best vernacular VXer speak, was put in the game from the beginning by the original games publisher Ojom.

In an advisory, AV firm F-Secure explains: "This functionality was intended to be a copy-protecting technique - it didn't work as planned and the whole functionality backfired.

"The premium rate contracts for the phone numbers have been terminated, so although old versions of the game still send hidden SMS messages, it only costs the nominal fee of sending the message itself. Current versions of this game no longer have this hidden functionality, but 'cracked' versions of Mosquitos still float in P2P network - and they still send these messages," it adds.

So what appeared to be a Trojan is actually a rather sneaky and somewhat ineffective copy-protection technique. Proof that even if something looks like a duck, talks like a duck and walks like a duck it isn't necessarily Anas platyrhynchos.

Although the Mosquitos saga turns out to be an urban myth, the recent discovery of the first malware capable of infecting smartphones shatters the comforting belief the mobile phones are safe from viral infection. The threat is very low at present but shouldn't be completely discounted. ®

Related stories

Trojan dialler afflicts Symbian smartphones
Trojan horse stalks PocketPC
Virus attacks mobiles via Bluetooth
UK premium rate phone complaints rocket

Protecting against web application threats using SSL

More from The Register

next story
Brit telcos warn Scots that voting Yes could lead to HEFTY bills
BT and Co: Independence vote likely to mean 'increased costs'
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Blockbuster book lays out the first 20 years of the Smartphone Wars
Symbian's David Wood bares all. Not for the faint hearted
Bonking with Apple has POUNDED mobe operators' wallets
... into submission. Weve squeals, ditches payment plans
This flashlight app requires: Your contacts list, identity, access to your camera...
Who us, dodgy? Vast majority of mobile apps fail privacy test
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.