Symbian-targeting SMS worms in-the-wild

A string of SMS worms targeting Symbian Series 60 3rd Edition devices has been spotted in-the-wild in China.

Called MerogoSMS, this family of worms propagates in the most typical of ways: the recipient receives a text message containing a link that, if followed, leads the user to a malicious website where he is asked to download and install an application.

The application “infects” the phone, and the phone starts sending out the malicious messages and, thus, the worm is spreading. F-Secure researchers say that these worms also send messages to expensive premium-rate numbers.

It is interesting to note that while an unsigned software can’t be installed on the Symbian Series 60 3rd Edition phones, the SISX installation packages of this particular worm HAS passed through the Symbian Signed process, probably because the author(s) submitted those packages that wouldn’t be raising any red flags.

The Symbian Foundation has reacted by revoking the publisher ID used for the packages.




Share this