Anti-virus vendors have spotted a new strain of the “Skulls” Trojan sneaking into Symbian-based cell phones, and this one drops the Cabir worm on the devices.
The latest mutant, Skulls.B, is similar to the Trojan discovered last week in the Nokia 7610 smart phone, which is powered by the Symbian operating system.
However, while the original “Skulls” Trojan simply disabled the smart-phone functionality on the handset, the new version also infects the device with Cabir, a worm that uses the Bluetooth protocol to copy itself onto devices as far as 30 feet away.
Cabir, which was first discovered in June, is transmitted as an SIS (Symbian Installation System) file and disguised as a Caribe Security Manager utility. It originally appeared as a proof-of-concept virus without a payload.
Anti-virus specialist F-Secure Corp. released an advisory for the new version of “Skulls,” which is described as a malicious SIS file Trojan that will replace the system applications with non-functional versions before installing the Cabir worm.
“Unlike Skulls.A, the Skulls.B variant does not show any pop-up messages during install (except the Installation security warning—unable to verify supplier message shown by the operating system),” F-Secure said in the advisory. Also, according to the advisory, the new variant replaces standard application icons with generic ones instead of the skull and cross-bones used by the original Trojan.
Skulls.B is capable of disabling all functions on the phone that require system application, such as SMS and MMS messaging, Web browsing and the built-in camera.
When the original Trojan appeared, U.K.-based Symbian Ltd. said it was investigating the malware, which targets the Nokia 7610 but may affect some other phones using the Series 60 user interface.
“To be affected by the malware requires a phone user to deliberately install it as an application onto their phone. The malware cannot be installed without repeated user intervention, including ignoring a security warning,” the company said in a statement.
“The malware does not appear to have the ability to distribute itself to other phones,” it added.