CYBERSPACE – Anti-virus software vendor F-Secure has identified a new trojan, based on the Symbian platform, which also attempts to infect PCs when users try to read their phone’s memory card on their computers.“SymbOS/Cardtrap.A is otherwise unremarkable Symbian trojan,” F-Secure stated in its blog (http://www.f-secure.com/weblog/ ), except that it also tries to infect users PC if user inserts the phone memory card to PC.”

The trojan copies two Windows worms (Win32/Padobot.Z and Win32/Rays) to the memory card of a phone when it infects the device. According to F-Secure’s report, Padobot.Z is copied with autorun.inf file in an attempt to start automatically if the card is inserted to PC using windows. Rays is copied with filename SYSTEM.EXE and same icon as the System folder, which F-Secure says is “done as social engineering attempt so that user would click on Rays instead of System folder.”

“To our knowledge, no Windows version supports autorun from a memory card,” F-Secure states in its blog, “but it still might work with some Windows version and third party driver combination.”

F-Secure adds that the purpose of the trojan is “most likely to cause user to infect his PC when he is trying disinfect his phone. A typical reaction of more advanced user who would encounter trojan like Cardtrap, would be to insert the phone memory card to PC to copy file manager or disinfection tool to the card. Only this time a careless user might to get his PC infected in process.”

The company says both Padobot.Z and Rays are detected by their F-Secure Anti-Virus product, and F-Secure has added “detection and disinfection” for both worms to their F-Secure Mobile Anti-Virus product.