The Mosquito Trojan, the first malware observed in the wild for the Symbian, has turned out to be a misjudged effort at copy-protection. Discovered just days after the alleged first Windows CE Trojan horse was identified, Mosquito was found to be dialling a premium rate number on Symbian phones without the owners' knowledge.
Users infected their Symbian Series 60 phones with the "Mosquito Trojan" by running an illegal version of the game Mosquitos and then found expensive text messages in their phone bills. The problem is a nuisance rather than a security risk, as it does not spread from phone to phone. So far actual Symbian viruses such as Cabir which spreads through Bluetooth, are still at the proof-of-concept stage.
The Trojan dialler, also known as Trojan.Mquito or Mosquit-A, is not directly the work of hackers, but was part of an early version of the game, according to F-Secure, as reported in Infosync World. F-Secure says the Trojan dialler was put into early versions of the game by the maker, Ojum, with the idea that if the program detected it had been cracked or was running on an unauthorised device, it would send a text message to a specified number - at a premium rate, of course, costing the user around £1.50 per call.
Unfortunately, the Trojan malfunctioned, resulting in big bills and complaints to the company. Ojum removed it from the game, but not before it had been copied to warez sites, and "innocent" copyright thieves were starting to see their bills go up. Ojum has cancelled the premium billing on the number, says F-Secure, so future texts will only be billed as a normal text message - though that could be quite expensive if dialled from outside the UK, where the original version was designed to be run. "The Trojan version of the game can be found only from pirated sources," says the F-Secure site. "Installing such programs is not recommended in the first place."
Chris Auld, managing director of mobility software specialist Kognition, says that threats on Symbian will be more limited than on Windows CE. "The interesting thing to note with Symbian is that applications, and thus worms and viruses, are generally only going to run on a subset of all Symbian devices. Symbian doesn't have quite the 'write once, run anywhere', story you'd get with CE, but there are a number of devices, all on the Vodafone network, that will potentially be affected by this issue."
He says Symbian's advice to only download software from trusted sources is sound, but adds a note of caution about carriers requiring too much of developers when it comes to getting applications certified. "It's obviously important for small developers that the bar, in terms of cost and time, isn't set too high when it comes to having apps certified and signed," says Auld.
The game allows users to shoot mosquitos on screen in a "virtual reality" type of atmosphere, Cracked versions have a different version of the opening screen, with responsibility for the crack taken by one "Soddom Bin Loader".