Symbian anti-virus specialist SimWorks has identified the first threat able to so severely disrupt the functioning of a Symbian phone that it can no longer be used to make phone calls. Previously identified threats, such as the Skulls trojans, have affected only the higher level functions of a device, not it's ability to make calls.
The threat, Gavno.a is spread via a file called patch.sis and induces mobile phone users to install it on their devices by masquerading as a patch for their phone, a concept familiar to mobile phone users from other computing platforms such as Microsoft Windows.
SimWorks CEO Aaron Davidson says “The Gavno trojan is a significant development. Until Gavno there has been nothing that you could inadvertently install on your phone that could disrupt it to the extent that you can no longer even make a phone call. Gavno is just 2kb in size, effectively making it is the most destructive and the smallest Symbian trojan at the same time”.
“The Gavno trojan disables a phone by using a a malformed file to crash an internal Symbian process. A similar technique was used by the SEXXXY trojan identified by SimWorks in December, however in the case of SEXXXY only a single button was disabled, not the entire phone.
It is unclear whether there is any connection between the author of SEXXXY and the author of Gavno” says Davidson. A second version of Gavno has also been identified, Gavno.b, which is identical to Gavno.a except that its installation file, patch_v2.sis is somewhat larger as it also includes a copy of the Cabir and Camtimer trojans. When Gavno.b is installed Cabir attempts to send a copy of Gavno and the Camtimer trojan to other nearby Symbian phones via Bluetooth.
Gavno affects Series 60 phones using Symbian OS v7 such as the Nokia 6600 and 7610. Gavno does not affect UIQ based Symbian phones such as the popular SonyEricsson P900/910 and Motorola A925/1000 or Series 60 based Symbian phones using Symbian OS v6.x such as the Nokia 3650 or Siemens SX1.
“Once a user installs Gavno they may find it difficult if not impossible to repair. The instability that it introduces into the phone's operating system can be so severe that it effectively disables all applications on the phone and often results in the phone continually rebooting itself.” says Davidson.
SimWorks Anti-Virus solution for Series 60 and UIQ based Symbian phones has been updated to provide protection from the Gavno trojans.