This new phone trojan will permanently lockup affected mobile phones and PDAs by replacing a critical binary file. F-Secure has developed a cleaning tool. This new attack illustrates that we have more than just PC worstations and servers to protect in our organization. http://www.f-secure.com/v-descs/locknut_a.shtml http://www.f-secure.com/weblog/
Locknut.A is a Symbian SIS file trojan, that replaces critical system binary, causing the phone to lock down so that no applications can be used. This locking is quite similar to the one caused by Skulls variants, but more complete.
Locknut.A is also claimed to prevent user from calling with the phone, but we could not observe such behavior. All the phones we infected with Locknut.A were able to call just fine, all smartphone features were disabled, but calling works fine.
F-Locknut tool is able to disinfect phone even if the Locknut has locked the phone completely. The disinfection is done by installing the F-Locknut into a memory card with a clean phone. And then inserting the card with F-Locknut into infected phone and booting, during boot up the F-Locknut frees the critical system files so that use can access menu again and install an Anti-Virus for full disinfection.