Content
SymbOS/Htool-SMSSender.A.intd
- Type
- Program
- SubType
- Spyware
- Discovery Date
- 12/12/2006
- Minimum DAT
- 4919 (12/14/2006)
- Updated DAT
- 4919 (12/14/2006)
- Minimum Engine
- 5.1.00
- Description Added
- 12/13/2006
- Description Modified
- 12/13/2006 2:41 PM (PT)
Tab Navigation
Characteristics
SymbOS/Htool-SMSSender.A.intd is a prototype spyware application. It attempts to send copies of received SMS messages to the spyware author.SymbOS/Htool-SMSSender.A.intd is distributed as source code and in a SIS file named "XaSMS.SIS". Both the source code and SIS file are included in a RAR archive file named "HackSMS.rar". The spyware installs under the name "XaSMS".
SymbOS/Htool-SMSSender.A.intd, according to its author, is intended to provide an example for intercepting and forwarding SMS in the manner of SymbOS/Mobispy.A or SymbOS/Acallno.A. This entails copying the text of the last SMS message received, placing it into a new SMS, and forwarding the message to the spyware author.SymbOS/Htool-SMSSender.A.intd does not send SMS messages to the author's phone number. The spyware copies the text of the last received SMS into a new message in the Drafts folder.
SymbOS/Htool-SMSSender.A.intd never sends the draft SMS messages. It is also starts automatically on reboot.
Fig 1 - SymbOS/Htool-SMSSender.A.intd stores SMS messages in the Drafts folder.
The source code for SymbOS/Htool-SMSSender.A.intd does not include functions for sending SMS messages to the malware author. It also includes unimplemented functions, unused arguments, and functions that are commented out. The author of SymbOS/Htool-SMSSender.A.intd, though apparently unskilled, believes the source code will be useful to other malware authors for constructing SMS spyware.
Removal
-Aliases
Aliases
-
N/A
