Jarno Niemelä, F-Secure
Predicting future malware on a new platform is difficult. Thus it is not surprising that most of the Symbian malware we have seen so far is rather different from what was originally expected. The AV community was expecting binary malware doing basically the same things as on the PC platform. What we got instead was malware that plays with SIS installation files and other properties of the Symbian operating system.
In this paper the author covers the technical background of current Symbian malware and the classification of new cases: when is something new malware, and when is it just another form or repackaging of known malware?
On many points the Symbian OS is quite different from mainstream operating systems, so it is natural that some of the techniques used by Symbian malware are different from what one might expect.
This paper gives an introduction to the Symbian operating system from the malware point of view, covering the technical background of the OS features used by malware: what they were originally intended for and how they are used for malicious purposes.
In addition, this paper covers the classification of Symbian malware samples: which properties of a new malware sample need to be considered when deciding whether it is a new variant or not.