The hoo-ha about a new piece of malware 'for S60 3rd Edition' called 'Isexplayer' should be utterly beneath our contempt - it's a non-story and I'll simply link to Vaibhav, who also dispells any worry very succinctly. Move on, folks, nothing to see.
Read on in the full article.
Symbian Freak reported it yesterday but I still can't find the installation file anywhere, they didn't respond on my mail and I really doubt it even exist?
It's a virus which siphons money of IT bloggers who have to try it out to see if it really works.
I found a link to the jad here: test dot 3gx dot se (caution, go there on your own risk). At least it was still up 5 minutes before I started to write this post.
So, at least it seems to exist. But, oh boy, what kind of lame "malware" is this. You have to install it yourself, you have to give it permission to access the Internet yourself...
Posted this on Vaibhavs blog as well.. I was the one who initially reported this on Esato... heres the link to that story:
http://www.esato.com/board/viewtopic.php?topic=171238
This is what I posted on Vaibhavs blog..
"Rahul S Says:
July 10, 2008 at 2:27 pm
This is not a true malware but at the time of installation it does ask for permission to call an international number. I will add what the user agreement says
But what it did in my case is dial an international number for which I was billed 799 Indian Rupees affter just installing the app. These calls were made automatically. I have the bill details with me as well
The license agreement (I am sure not many read the complete stuff)
�B)Access fee:Users get unlimited access to the 3g6.se and is billed subsequently per entry. The access is billed by calls made to an international destination. The application will try to call destinations which is the most inexpensive for the subscriber (based on the subscribers country of residence), but are not in any matter obligated to do so. You agree to let the application make these calls to pay for access fee when due according to these billing terms. Total call duration for unlimited access may vary from 10 minutes to four hundred minutes per entry, depending on the subscribers country of origin and available international destination�
In my case, only installing the application triggered the calls. 13 calls made in all amounting to about 20USD. ALL WITHOUT MY KNOWLEDGE. The number was in the call logs.
This link has my story as well...
http://www.softsecurity.com/news_D2042_focus.html
I am a well known member at Esato (whizkidd) been into series 60 since ages and find it disturbing when a comment appears rebutting the report without actually checking. I have installed the app and it does make calls... automatically. And they have played the safe card claiming that the calls would be made anyway as fee for the services (which I never availed). I am unsure if this app behaved this way on my phone only. (I only installed it.. did nothing else) If anyone can check by installing this..that would be great.
The point here to note is, even advanced users can be fleeced so novice users should be careful.. Read the damn license agreement completely!
The original story talks about a .sis file, while http://www.softsecurity.com/news_D2042_focus.html says it is a .jar file. Can this be clarified, as the implications are rather different for the case of a .jar (Java, not Symbian Signed) file versus a .sis (Symbian C++, Symbian or Self Signed) file.
It says .sis file after download it... (I will sign up here damn!) lol
The page that I gave is still up and has a link to a JAD file. It describes a J2ME MIDP 2.0 JAR file with a size of 101313 bytes.
But unfortunately the JAR file itself seems not to be there anymore where the JAD says it should be, so I cannot come up with the final proof that it is Java and *not* native.
So, not exactly malware then. This isn't a virus, a work or a trojan, although I doubt Nokia would be happy to have such software on their Mosh site.