Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Locknut.A - a more damaging smartphone virus

  • Please log in to reply
No replies to this topic

#1 harrywaldron


    Security Reporter

  • Members
  • 509 posts
  • Gender:Male
  • Location:Roanoke, Virginia
  • Local time:09:54 AM

Posted 02 February 2005 - 05:59 AM

This new phone trojan will permanently lockup affected mobile phones and PDAs by replacing a critical binary file. F-Secure has developed a cleaning tool. This new attack illustrates that we have more than just PC worstations and servers to protect in our organization.



Locknut.A is a Symbian SIS file trojan, that replaces critical system binary, causing the phone to lock down so that no applications can be used. This locking is quite similar to the one caused by Skulls variants, but more complete.

Locknut.A is also claimed to prevent user from calling with the phone, but we could not observe such behavior. All the phones we infected with Locknut.A were able to call just fine, all smartphone features were disabled, but calling works fine.

F-Locknut tool is able to disinfect phone even if the Locknut has locked the phone completely. The disinfection is done by installing the F-Locknut into a memory card with a clean phone. And then inserting the card with F-Locknut into infected phone and booting, during boot up the F-Locknut frees the critical system files so that use can access menu again and install an Anti-Virus for full disinfection.

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users