I found the fourth variant of the Trojan called Pbstealer and there are again some changes. The working is as follows:

1. The Trojan arrives in a file named 'PBCompressor.sis' having a file size of 12.2 KB. As seen in the earlier variants, the user can't install it in the memory card. Just like the third variant, it creates 2 files named 'pbcompressor.app' and 'pbcompressor.rsc' in C:\SystemMail\00110001_S folder.

2. As soon as the Trojan is installed, it executes itself and creates a text file named 'PHONEBOOK.TXT' containing Contacts, Notes, To-Do and Calendar data in C:\System\Mail. And then it tries to send that file to the first Bluetooth device discovered.

3. Now, here are the changes. As soon as the user gets the prompt saying Done!!! Press OK to exit and accepts it, the Trojan deletes its own files which are as follows:

a. 'pbcompressor.app' in C:\System\Mail\00110001_S
This is the file that executes just after the installation completes.

b. 'PBCompressor.sis' in Inbox.
If the user directly transfers the Trojan to the phone using Bluetooth or IR, then the SIS file appears in Inbox. And then he installs it from there. Assuming that the user will install by this method, the Trojan is programmed to delete 'PBCompressor.sis' in Inbox.

However, if the user doesn't have the file in Inbox and installs from some other location using a file manager, the installation file will not get deleted.

Also, if the user receives the Trojan which is renamed to something else than 'PBCompressor.sis', the installation file is again not deleted even if the file is in Inbox. This is because the Trojan is programmed to delete the file named 'PBCompressor.sis' in Inbox.

It is important to know that even if the SIS file is deleted, it will still be visible in Inbox. But obviously, the user will not be able to run it as the actual file doesn't exist.

c. 'PBCompressor.sis' in C:\System\Install
This is the file which is created automatically when any SIS application is installed. It is because of this file the user is able to see the application in Application manager. So the trojan is not seen there.

If the user installed the SIS file which is renamed to something else like 'Patch.sis', then the file created in C:\System\Install will also be named 'Patch.sis'. So again, this file won't be deleted and will be seen in Application manager.

d. 'PHONEBOOK.TXT' in C:\System\Mail
It is important to note that this text file is not actually deleted like the previous files. If the user goes to C:\System\Mail using a file manager and tries to open this text file, it doesn't open and gets deleted.

The only file that is not deleted is 'pbcompressor.rsc' in C:\System\Mail\00110001_S folder.

There is another important thing to note. When the Trojan is executed, the prompt saying Done!!! Press OK to exit appears after some seconds. So if the user closes the Trojan earlier when the prompt has not yet appeared, the above files do not get deleted automatically.

So this time the fourth variant tries to remove its traces.

I just now checked my online friend's site and he has posted about my blog and actually did some praising. So I thought of blogging about him.  His name is Dhaval. Actually he is the guy who helps me a lot in some serious computer related technical issues. At the age of 20, I can say that he has achieved a lot and has a long way to go. Hehe, this guy has mastered 30+ programming languages and of course without any training.   He is also a Microsoft MVP (Most Valuable Professional).

However, he is running his own company and is so busy with work that his blog has to suffer sometimes. Here is the link - http://www.dhavalfaria.com.

It has been a real long time since mobile malware came into existence. But sadly, most of the users hardly follow any security measures. Heh...I should say, most of the users hardly KNOW about any security measures. Today, mobile phones are not just used for conversations but they also contain important data. And malware is a major threat for this data.

Nokia has a so called security site but one can't find it easily. Things would have been different if Nokia could give this site a little share of publicity that the N-Series phones or any other Nokia phone gets. The site has a side section with a heading: "Get Up-to-Date". However, one should not take this seriously because Commwarrior is now old news...  But still, it has provided some good security measures which a user should be aware of. Anyways, here is the link.

A service called StealthText has been introduced in the UK which has brought to life the self-destructing messages of 'Mission Impossible.'

via BBC News:

The commercial service allows sensitive messages to be destroyed 40 seconds after being read. Developed by a British firm, Staellium, it is designed to allay worries about incriminating messages.

The most high-profile case of embarrassing text messages in recent years was the revelations of messages sent from England football captain David Beckham to his personal assistant Rebecca Loos.

Privacy comes at a price. Each text using the system costs 50 pence, though users have to sign up for a minimum of 10 messages.

People interested in using the service to send messages have to register and download a small program onto their mobile phone.

Once a message has been sent, the recipient receives a text notification showing the sender's name and a link to the message.

After they have opened it, the message disappears after 40 seconds.

Despite the fact the message will be removed from phones, users cannot entirely avoid a data trail.

For legal reasons, a log of the message will remain on a secure server to which they have no access.

Nokia has also released a patch for Nokia N70 which removes the ringtone problem faced by many users. Sometimes your phone might not ring or vibrate when a call is received. There are a few reasons why this might occur:

1. If you have deleted your ring tone file or changed your MMC card, the phone may not be able to find the ring tone file and therefore cannot play it. Please ensure that your selected ring tone file still exists on the phone or the MMC card.
 
2. Complex ring tones (MIDI, AAC, MP3 or WAV files) can sometimes take a long time to load and play. Occasionally when this happens the phone uses a default ring tone setting which may be missing. To ensure this default ring tone is present you can download this patch file and then transfer and install it on your phone. This patch is recommended even if you have not experienced any problem with the ring tone. If your phone shows a security notification when you are installing the file, please ignore it and continue with the installation.

This patch can be downloaded from the Nokia N70 Support Page.

A new firmware version for Nokia N70 has been released which is version 3.0546.2.3.

Improvements made from v 2.0536.0.2 to 3.0546.2.3:

Bluetooth
- Audio routing corrected for HS-4W , HS-26W & HS-11W headsets & HS-6W Car HF
- Audio distortion when connected to HS-4W & HS-11W has been corrected
- Pairing problem with Nokia 770 corrected
- PC Suite correctly identifies bluetooth name in phone after restoring backup

Camera (Still / Video Capture)
- Correction made to enable "Easy share" after image capture
- Erroneous memory full note removed after starting video capture
- Video capture quality menu: improved scrolling speed
- Sequence mode capture reliability improvements
- Reliability improvement to image sending via Bluetooth
- Option to reset user scenes now works
- Video recording audio quality in Night mode improved
- Minor video encoder improvements for colour capture
- Multimedia Key
- No longer disables security lock under certain conditions

Audio
- If system loading prevents user defined ringtone play then fall back now implemented to play backup ringtone
- Improvements to contact name matching with SIND
- Improvements to SIND performance following resynchronisation of contacts via Bluetooth from PC Suite
- Improvements to AAC decoding

Browser
- http://www.nokia.com no longer crashes browser application
- Browser no longer crashes when ROP closed when a streaming link is set on the homepage
- WAP push messages can now be deleted by using the C key
- Audio/MPEG MIME type now recognized for downloaded music

Media Gallery
- Slideshow no longer stops if selected items include DRM expired images or animated GIFs
- Improved Chinese file name handling in Gallery

Email
- Improved reliability of reconnection to users mailbox
- Improvement in handling malformed email headers

SIM
- Fix to allow viewing of SIM stored messages on certain SIM card types
- Reset fixed with Ukrainen SIM
- Improved handling of StarHub & T-Mobile SIM cards

Cellular Signalling
- Location update improvements in 2G on Ericsson Infrastructure
- USSD alerting enabled

Java
- SD download improvements

Image printing
- Opening an image which is already opened in another application no longer crashes the phone
- Improved handling of large (several MBytes) images

Video
- Improvement in termination of RTVS session if MT caller session ended by 2G reselection
- Pause /resume usability improvements on video playback
- Idle screen draws correctly after video streaming ended
- Video Editor crash resolved when canceling MP4 conversion for MMS sending - APAC variants: input method follows language selection - previously input method remained in Arabic
- Phone reset when alarm activated during playing of Snakes game is now fixed
- Improvement such that following aborted USB reflash attempt, phone can be recovered by flashing via FPS-10
- General Binary compatibility improvements
- Handling of accented characters in filenames now more robust, especially seen in Movie Director application
- Visual content handling improvements in Visual Radio Application
- Message sending to multiple recipients now no longer shows corrupted UI
- Improvements to Data transfer application

[Edit] Forgot to add the source of information before.

Source : Symbian-Freak

[/Edit]

Did you know that the Sound clips > Digital sounds and Sound clips > Tones folders that you see in Gallery or File manager actually have some other names? These folders are used to save ringtones so that they appear in Profiles. Different names appear for the user's convenience.

Their actual names are Sounds > Digital and Sounds > Simple. This may not look like an important information but it is really good to know. Many users who do not format their memory cards in their phones, create these folders manually and name them wrongly. And at the end of the day, they get convinced that either the card is faulty or their phone......

Many users don't know that they can record a phone call in their S60 phones. May be because they don't read the user manual. Recording a phone call can be very useful for both personal and business purposes. To record a phone call, the following should be done:

1. During the call, press the Menu button and open Recorder.
2. Press Options > Record sound clip.

However, the recording will stop after 1 minute and then the user needs to record another clip.

Note: In some laws, you may need to notify the other party about the recording. Both parties hear a beep every 5 seconds.

I found another variant of Pbstealer which is spreading in a SIS file named 'PBCompressor.SIS'. This time it can also steal the To-Do and Calendar data along with Contacts and Notes.

Another change in this variant is that it doesn't copy its files in the C:\System\Apps folder. This time the location of the files is C:\System\Mail\00110001_S\pbcompressor.app and C:\System\Mail\00110001_S\pbcompressor.rsc .

The removal method of this variant is same as the original one.

There are a lot of freeware applications availaible for S60 phones and my favourite is ofcourse FExplorer. I see that I'm so dependent on it as it lets me tweak my phone. It is a must for an advanced user. One can also manually remove malware (if he knows how to do that) and do lots more. But for newbies, it can be dangerous as it exposes the system files and one wrong move can damage the phone. Don't know why people recommend it to them just like that.

Many users are not even aware of all freewares availaible. Here is a great list of such applications for them - http://www.simonjudge.com/s60freeware.html .