Original URL: http://www.theregister.co.uk/2009/07/16/mobile_trojan/
Zombies bite into Symbian smartphones
Low-risk mobile Trojan bundles botnet features
Security researchers have identified the first known spam bot client for 3G phones.
YXES-B poses as a legitimate application called Sexy Space (ACSServer.exe) to steal the subscriber, phone, and network information of victims. The malware forwards these details to a site under hacker control.
The same site contains message clips that form the template to send spammed SMS messages to the victims' contacts.
The malware therefore has a command and control infrastructure that makes it a botnet for mobile phones, according to Trend Micro, the security software firm.
The code-signing process applied by Symbian is designed to enure that threats like YXES-B never meet the light of day. Hackers have subverted this process for a second time - YXES-B was proceeded by an earlier variant. It it's unclear how they have done this
The damage potential posed by the malware is quite high. Fortunately, incidents of actual infections remain low.
More details on the threat can be found in a write-up from Trend Micro here. ®