SymbOS/Kiazha.A
- Type: Trojan
- SubType: -
- Discovery Date: 03/04/2008
- Length: 63,592
- Minimum DAT: 5244 (03/04/2008)
- Updated DAT: 5244 (03/04/2008)
- Minimum Engine: 5.1.00
- Description Added: 03/04/2008
- Description Modified: 03/05/2008 9:06 PM (PT)
Risk Assessment
- Corporate User: Low-Profiled
- Home User: Low-Profiled
Characteristics
-- Update March 05, 2008 --
The risk assessment of this threat has been updated to Low-Profiled due to media attention at:
http://www.channelregister.co.uk/2008/03/05/mobile_ransomware_trojan/
--
SymbOS/Kiazha.A is distributed within SymbOS/MultiDropper.CR.
After installation SymbOS/Kiazha.A is run immediately. After a delay SymbOS/Kiazha.A displays a warning message.

Fig 1 – The warning message is displayed after installation
The following is the Chinese text of the warning message and translations:
| Original | Translation |
| --- | --- |
| 警告:您的手机已中毒,请准备五十元移动充值卡联系QQ<REMOVED>,否则您的手机将会瘫痪!! | Warning: Your mobile phone has been affected, please prepare a mobile phone recharge card of 50 Yuan RMB and contact QQ<REMOVED>, or your phone will be paralysed!! |
| 确认 | Confirm |
Once the "确认" button is clicked, SymbOS/Kiazha.A terminates. The QQ ID in the message is reachable, and the QQ user requests the recharge card number.
SymbOS/Kiazha.A also deletes any sent or received SMS messages.
Symptoms
- A warning message is displayed that attempts to extort money from the user.
- Incoming and outgoing SMS messages are deleted.
Method of Infection
Removal
-
Variants
N/A
All Information
Overview
SymbOS/Kiazha.A is a trojan that attempts to extort money from the device user. It is distributed as a component of SymbOS/MultiDropper.CR.