“Sexy View” not so sexy; new S60 worm discovered

As deep as we are into S60 3rd Edition’s lifespan, malware was sure to rear its ugly head at some point. In fact, we are still pretty impressed that it’s taken as long as it has. While this newly discovered worm is not the first instance of S60 malware, it certainly appears to be the most tenacious and dangerous. Dubbed “Sexy View” or SymbOS/Yxes.A!worm, the malware carries a valid Symbian Signed certificate and runs the process “EConServer.exe”. It performs three known attacks. First, it seeks out certain running processes on your handset and terminates them. Second, it gathers phone numbers from the handset’s contact list and transmits SMS messages to as many numbers as it can collect. The sent messages contain a URL, and if an S60-toting recipient visits the address, his or her handset may become infected as well. Lastly, the worm gathers certain sensitive information about the handset, such as IMEI and phone number, and posts the data to a remote server. In other words, this worm is bad news. For the time being, “Sexy View” is thought to only affect OS 9.1 devices, though it may also affect OS 9.2. So, S60 users, if you find your contacts pinging you to ask why you’re sending them messages with odd URLs, it may be time to head to the clinic. Both Fortinet and F-Secure claim their mobile antivirus solutions will combat the worm, but if you confirm your handset is infected, wiping it should solve your problem for free.

Thanks, Dub!

10 Comments
  • Patrick

    1st!!!!

    And that’s why Danger OS>>>>

    You will never get a virus!

  • Jeeverz

    Ugh why do you sound like a mac fanboi

  • mobilecontrol

    Danger OS > Symbian

    holy christ, please tell me you are not that friggin’ retarded…

  • e71kid

    sidekick people are just as bad as iphone people and they have been for many years…

  • Jim E.

    I wonder how this app is Symbian signed. Seems like Symbian’s third-party checks are flawed if they let an app like this get signed.

    They could easily fix this particular app by utilizing the revocation list via an OTA update. Though that won’t stop future apps.

  • Patrick

    @mobilecontrol

    have fun with that virus!

  • RAS

    If they know it posts info to a remote server, why not go get that remote server, check the owner, confiscate the hardware? Posting back to a remote server seems like it invites the authorities to root you out, no?

  • david a

    lol don’t even bother with the sidekick people. Why are you guys on bgr? Shouldn’t you be on myspace talking about how you messed with ms applebottom in english today? Sidekicks were cool like four years ago when there was no 3G but now they are slow big dinosaurs! Oh well, I guess every company must have some fanboys. Note: if you don’t want a virus, don’t install random shit to your phone

  • Mike M.

    @ david

    Don’t talk shit about ALL sidekick people, me being one of them, allow me to exclude myself from the stereotype. The only reason I use this LX is because I get cheap data rates and yeah, the keyboard is nice. That being said, I’m still moving to an iPhone or BlackBerry Storm sometime soon. Any suggestions on which phone I should pick, anyone?

  • Dave

    This virus is something I have dealt with and unfortunately for those who were infected (in some instances have “bricked” their PDA). For those who say “I’ll never get infected,” I say it’s only a matter of time. Just like MAC OS. The more popular an OS, the more likely somebody will write code that will infect it. Pretty sad. Just my opinion.
    ~D
