SymbOS/Anitgru.A

Type: Malware
SubType: PDA Device
Discovery Date: 12/04/2007
Length:
Minimum DAT: 5214 (01/23/2008)
Updated DAT: 5214 (01/23/2008)
Minimum Engine: 5.1.00
Description Added: 01/23/2008
Description Modified: 01/23/2008 12:49 AM (PT)
Risk Assessment (Corporate User): N/A
Risk Assessment (Home User): N/A

Characteristics

Symptoms

  • Sends out SMS to a preset number
  • Sends SMS containing user identifying information
  • Copies itself to any inserted memory card
  • Copies itself from the memory card to the handset

Method of Infection

SymbOS/Anitgru.A is a malfunctioning version of commercial anti-theft software.

SymbOS/Anitgru.A installs to the handset and any installed memory card. The software is designed to monitor the SIM card and, if it is changed, to send an alert SMS to a preset number.

Fig 1 - Options menu, used to set up the forwarding number.

SymbOS/Anitgru.A copies itself to the memory card in order to survive a hard reset. After a hard reset, the copy of SymbOS/Anitgru.A on the memory card will reinstall itself to the handset.

If the memory card is transferred to another handset on which SymbOS/Anitgru.A is not installed, it will install itself on the handset.

SymbOS/Anitgru.A sends an alert SMS containing information on any new SIM cards to a predefined number. The SMS contains the IMSI, IMEI, and other information to identify the subscriber in possession of the handset. SymbOS/Anitgru.A will send the alert SMS message multiple times.

Due to an error in design, SymbOS/Anitgru.A is not capable of determining whether it is installed on the phone it is protecting. This error causes the malware to propagate uncontrollably.

Removal

-

Variants

    N/A

Overview

SymbOS/Anitgru.A is a malfunctioning version of commercial anti-theft software. It propagates itself uncontrollably and sends out unauthorized text messages.

Aliases

  • SymbOS/HatiHati (F-Secure)
