Threat behavior
Dialer:WinCE/Terdial.A is a dialer trojan that makes outbound calls to a premium-rate phone number. This action results in unexpected and often large telephone charges on affected users’ phone bills.
Installation
In the wild, this trojan has been seen packaged with a third-party application named "3D Anti-Terrorist action" in files named "antiterrorist3d.cab" and "codecpack.cab". This trojan runs on Windows Mobile 6.5 devices.
The trojan may be present as the following on an affected device:
\Windows\smart32.exe
When installed, the trojan attempts to dial the following international toll numbers at random intervals every 0 to 3 days:
- +8823460777
- +17675033611
- +88213213214
- +25240221601
- +2392283261
- +881842011123
Analysis by Tim Liu
Prevention