SymbOS/Yxes or downloading customized malware

The Symbian malware Yxes is (nearly) keeping me awake these days. Among other functionalities, it sends HTTP requests to a remote web server. The URLs it gets are the following: – Yxes.A: http://[REMOVED]/Kernel?Version=<VERSION> – Yxes.B or Yxes.E: http://[REMOVED]/Kernel.jsp?Version=<VERSION>&PhoneType=<TYPE> – Yxes.C: no similar URL – Yxes.D: this one issues two different requests: http://[REMOVED]/bs?Version=<VERSION>&PhoneImei=<IMEI>&PhoneImsi=<IMSI>&PhoneType=<TYPE> http://[REMOVED]/number/?PhoneType=<TYPE> http://[REMOVED]/index.jsp?PhoneType=<TYPE> – [...]

by Axelle Apvrille  |  July 21, 2009 at 8:14 am
5 Comments »
Tags: , , , ,
Newer Entries »
Go to FortiGuard Security Blog

How to Buy

Purchase Fortinet Products


Polls

Are you currently using application control as part of your security strategy?

View Results

Loading ... Loading ...

Subscribe

All Posts
Threat Research Posts

Fortinet on the Web

Categories

Search Archive

Popular Topics

adobe android Anti-Spam Antivirus apple botnet bredolab conference Cryptography derek manky exploit facebook Firewall FortiGate Fortinet google hacking challenge iphone koobface Mac OS X Malware microsoft mobile mobile malware mobile phone mobile phones Mobile Security privacy Research reverse engineering reversing Security sms symbian symbianos symbos/album symbos/yxes Threat Landscape trojan UTM virus bulletin virut Windows Zeus zitmo

Archives