symbian malware


While wearing my eyes off on the assembly code of the Symbian malware Zitmo, I had been quite embarrassed not to find any clear link with stealing online banking credentials as the rest of the ZeuS attack seemed to indicate. This issue is now solved, I know how the cyber-criminals did it or intended to. The Zitmo malware is actually a light version (or a cracked one) of the Russian SMS Monitor application. This borderline application is officially meant for "parental control" and "security audit", but it looks like it ended up in the wrong hands... We...
by Axelle Apvrille  |  Sep 28, 2010  |  Filed in: Security Research
The Symbian malware Yxes is (nearly) keeping me awake these days. Among other functionalities, it sends HTTP requests to a remote web server. The URLs it gets are the following:
- Yxes.A: http://[REMOVED]/Kernel?Version=
- Yxes.B or Yxes.E: http://[REMOVED]/Kernel.jsp?Version=&PhoneType=
- Yxes.C: no similar URL
- Yxes.D: this one issues two different requests:
  http://[REMOVED]/bs?Version=&PhoneImei=&PhoneImsi=&PhoneType=
  http://[REMOVED]/number/?PhoneType=
  http://[REMOVED]/index.jsp?PhoneType=
- Yxes.F: http://[REMOVED]/PbkInfo.jsp?PhoneType=&PhoneImei=&PhoneImsi=
TYPE...
by Axelle Apvrille  |  Jul 21, 2009  |  Filed in: Security Research