A relatively low-impact but threatening virus is popping up on some
SymbianOS-powered phones, according to an F-Secure anti-virus report Friday.
The virus, which overwrites application info and icon files (AIF) on the C:
drive with an icon of a skull-and-bones image, has been found at some
Symbian shareware download sites under the filename “Extended Theme Manager”
and “Tee-222” with a SymbianOS Installer file (.sis).
According to the security firm, users who are infected with the trojan
instead instructs users to follow the disinfection steps contained at its Web site, which
involve deleting two files — Appinst.aif and AppInst.app — and
downloading F-Secure’s mobile anti-virus service.
“Skulls SIS file does not contain any malicious code as such, it is just a
Symbian Installation file that installs critical System ROM binaries into C:
drive in with exact same names and locations as in the ROM drive,” the
F-Secure report states. The Trojan exploits a feature of the Symbian OS to add the skull graphic.
Although any program that uses system applications will be disabled if
infected with the Skulls trojan, people will still be able to make and receive phone calls.
The Symbian operating system has become a popular target for mobile phone
virus writers. Earlier this year,
security consultant firm Kaspersky Labs issued a virus report on Cabir.
As with Skulls, Cabir transmitted a .sis file disguised as a security
Unlike Cabir, which scanned for accessible phones in Bluetooth range and
made a copy of itself, Skulls isn’t self-replicating.
While the impact is low, the virus has been in the “wild” for some time. At
the Web site AllAboutSymbian.com, users have logged complaints on the forum
as far back as Oct. 7 about a .sis file called “Extended Theme Manager” that
was causing problems.