Recent Windows Mobile Game (with Trojan)

A place for all your general chat needs

Recent Windows Mobile Game (with Trojan)

Postby Pornstar on Fri Apr 09, 2010 3:09 pm

User avatar
Pornstar
Forum Guru
World's Clunge Authority
 
Posts: 1647
Joined: Thu Jul 08, 2004 3:15 pm
Location: Madrid, Scorchio
steamID: porneh
AKA: Pornstar
antispam1: No
orientation: Yes
Many posters recently in Windows Mobile platform forums have been complaining that their phones have been auto-dialling international numbers at night, often to premium rate destinations. Kapersky has got to the source of it yesterday. Surprisingly (?) it was written by a Russian. Apparently the trojan dialler comes with a new game. Android too can receive this type of trojan.

Lets be careful out there!

Here is a list of Antivirus that you can use on your mobile:

AirScanner
LookOut ( Free ) - highly recommended.
Kaspersky Mobile Security
Symantec Mobile AntiVirus
F-Secure Mobile Security

Crappy babelfish translated quote:
Since March 27 on different international sites, dedicated to free software for [smartofonov] under control of the operating system Windows Of mobile and which make it possible this software to [skachat], appeared new game “3d Antiterrorist”. Inside the [polutoramegabaytnogo] archive, besides game itself, it is possible to find file with the name of reg.exe, which is in actuality the Trojan program, which rings to the international paid numbers, which is fraught with the perceptible money losses for the owners of [smartfonov]. Since April 8 harmful program is detected “by the laboratory Of [kasperskogo]” as Trojan.WinCE.Terdial.a. However, what is this [zlovred]?

After the starting of the adjusting file of antiterrorist3d.cab occurs the installation of game in the directory “Of program Of files”, and also copying of the harmful file of reg.exe with the size of 5632 bytes into the system directory by the name of smart32.exe.

The more detailed analysis of the code of [zlovreda] showed that:

* harmful program was created Russian-language [virusopisatelem];
* bells are achieved to 6 different [premium]- numbers every 50 seconds;
* [zlovred] uses a function Of ceRunAppAtTime for its own starting, moreover starting is achieved in the night time (i.e. when the user of [smartfona], most likely, he will sleep).

The list of the numbers, to which are achieved the bells:

* +882 ****** 7 Of international Of networks
* +1767 ****** 1 the Dominican Republic
* +882 ******* 4 Of international Of networks
* +252 ******* of 1 Somalia
* +239 ****** of 1 San-Tome and [Prinsipi]
* +881 ******** 3- Of global Of mobile Of satellite Of system

Year ago we wrote about [pornozvonilke] for [smartfonov] under control of the operating system Of symbian. Let us recall that the bells to the international paid numbers were achieved by this program for obtaining the access to the materials, to the intended persons it is older than 18 years, in this case the user received preliminary warning about the bell to the international paid number.

Now we deal concerning the first harmful program, which rings to the international paid numbers, illegally enriching the owner (Evas) of harmful program.


Better Google-translated Kapersky source
Youth and skill are no match for experience and treachery.

Return to General Chat

Who is online

Users browsing this forum: Google [Bot] and 14 guests

cron