Return of the Yxe worm

Just over a year ago Worm.SymbOS.Yxe appeared – this was the first malicious program for smartphones running Symbian S60 3rd edition which had a valid digital signature. From time to time subsequent versions of this worm appeared - the latest variant, Yxe.d was detected in July 2009.

Today we detected a new variant, Worm.SymbOS.Yxe.e, which also has a valid digital signature. Previous modifications of the worm:

• Spread via SMS messages which contained a link to the worm
• Used social engineering in order to trick victims
• Harvested data about the smartphone from the device
• Sent the harvested data to a cybercriminal server
• Attempted to terminate third party applications designed for working with the smartphone’s file system or with active applications.

The latest modification does all of the above and more. It also:

• Sends MMS messages containing a link to itself, and, attached, a black and white skull and crossbones image (Skuller, a Trojan which first appeared in 2004, also used a skull and crossbones)
• Connects to a Chinese social networking site
• Downloads files
• Block the smartphone’s Software Manager, making it more difficult to delete the malware

We’re still analysing Worm.SymbOS.Yxe.e in detail – we’ll keep you posted.