Live: Samsung Unpacked Live Updates Apple HomePod 2 Review Apple Earnings Preview Resurrecting the Dodo COVID Emergency to Expire DOJ Eyes Tesla Self-Driving DC's 'Gods and Monsters' Slate Salami, Sausage Recalled
Want CNET to notify you of price drops and the latest stories?
No, thank you

Skulls program kills cell phone apps

For some phones infected by the Trojan, the only real fix is a hard reset, which wipes all user data from the device.

Virus writers are targeting Symbian-based cell phones with a Trojan horse that kills off system applications and replaces their icons with images of skulls.

The program, dubbed "Skulls" by antivirus companies, is disguised as a theme manager for Nokia phones in the Symbian Installation System format, said Mikko Hypponen, director of antivirus research for software

Photo: F-Secure
The Skulls Trojan horse changes system icons, disabling all but phone functions.
maker F-Secure. Only a few people have managed to run across the program on the Web and then downloaded and run the Trojan horse, he said.

"We are not talking about a huge amount of infected people, and it is not a virus, so it is not spreading," Hypponen said.

The program is the latest threat to affect mobile phones and PDAs. Earlier this month, a program called Delf infected PCs in order to send spam to mobile phone users in Russia. Two other malicious programs--Mosquito and Cabir--were also aimed at infecting phones that use the Symbian operating system. The creators of Cabir even created a version that attempts to infect Windows CE devices.

Like the latest threat, none of the cell-phone attacks have yet amounted to much.

When run, the Skulls program breaks all the links to Symbian system applications and replaces the icons with images of skulls. Third-party applications are not affected, Hypponen said, allowing users that have installed a non-Symbian file manager to actually find and delete the malicious program files, cleaning the phone.

For users that have no third-party file manager, the only current fix appears to be a hard reset, which will leave the phone in its default factory condition. Unfortunately, this fix will also delete any user data.

"In practice, it is difficult to clean the phone," Hypponen said. "You can't go online, you can't download fixing programs, you can't beam anything to the phone."

While the program can cause some headaches, it is not a significant threat.

Still, it is a signpost indicating the direction that virus writers could be headed, said Vincent Weafer, senior director for security response at Symantec, a maker of antivirus software.

"It does no permanent damage," he said. "But it does mean that people are investing time in investigating the possibilities" for infecting and damaging mobile phones, he said.