UMU - Virus Definitions - SymbOS/Flocker.A

Home / Virus Definitions

SymbOS/Flocker.A

UMU Scan protects against this virus.

Threat Level:
Low

Type:
Trojan

SDB Version:
158

SDB Release Date:
14/05/2008

Description Date:
15/05/2008

What does this virus do?
Arriving on your phone disguised as instant messaging application, once installed on your phone it sends a text message at one-second intervals to a hard coded number and you are charged for each message.

SymbOS/Flocker.A arrives on a phone disguised as an ICQ (instant messaging) application. Upon installation, it drops the following files:

!:\balbes\__0_A_O_:_.jpg

!:\system\apps\Icq_reggerNEW\default.py

!:\system\apps\Icq_reggerNEW\Icq_reggerNEW.app

!:\system\apps\Icq_reggerNEW\Icq_reggerNEW.rsc

!:\system\libs\appswitch.pyd

!:\system\libs\inbox.pyd

!:\system\libs\keypress.pyd

* ! signifies a user defined installation drive

It also displays the following messages:

Удачных номеров!

==============================

Installation created with

SISBOOM 2.0

by Atrant

atrant@front.ru

==============================

default.py is a Python script that continuously sends the SMS message “FILES 545” to the hard coded number 3649 at 1-second intervals. Each SMS is charged to the infected phone’s user. It also monitors the phone’s Inbox for replies coming from this number and deletes them.

Since the main Trojan component of Flocker is written in Python, it will only run on Symbian S60 phones with the Python environment installed.

Manual Disinfection

Scan your mobile device using UMU Scan and delete all files detected as SymbOS/Flocker.A.
Download a third party File Explorer.
Locate and delete the following files and folders if they exist: