Chinese firms behind 'Sexy Space' Trojan

The malware, which passed through Symbian Foundation's digital-signing process, was created by three Chinese companies, F-Secure says.

Vivian Yeo Special to CNET News

F-Secure has identified three China-based companies as the creators of the "Sexy Space" Trojan, which was found last week to have passed through Symbian Foundation's digital-signing process.

XiaMen Jinlonghuatian Technology, ShenZhen ChenGuangWuXian Technology, and XinZhongLi TianJin cloaked the malware, also known as Yxe, and submitted it to the Symbian Foundation under its Express Signing program, security company F-Secure said Wednesday in a statement.

Developers are required to submit mobile applications to the Symbian Foundation for evaluation, before the applications are accepted and enabled for handsets running the Symbian operating system. The apps are first automatically scanned for viruses. After that, random samples are submitted for human audit. Sexy Space had not been subjected to human scrutiny, Symbian's chief security technologist Craig Heath said last week.

F-Secure's senior security response manager, Chia Wing Fei, explained that the Trojan would have allowed attackers to simply send a text message containing a link to a malicious Web site and prompt the mobile recipient to download the worm. Once the malware was installed, it could send similar text messages to all contacts listed on the phone.

"These messages are sent in your name and from your phone," Chia said. "It means you will pay for each SMS sent by the worm. A typical cost for a single text message might be 5 cents. If you have 500 contacts in your phone, an infection would cost you ($25)."

According to F-Secure, this is the first identified text message worm.

The Symbian Foundation became aware that Sexy Space was a Trojan earlier this month, and the signature was revoked. But an error on Symbian's servers meant the application was still available for download until last week.

F-Secure said that although the problem is currently not widespread, there have been a few confirmed reports in China and the Middle East so far.

All Symbian Series 60 third-edition phones by Nokia, LG and Samsung are potential targets of the malware, including popular models such as Nokia N95 and Nokia E71, said F-Secure. The Symbian platform is used in just under 50 percent of all smartphones.

Vivian Yeo of ZDNet Asia reported from Singapore.