Spyware:WinCE/BopSmiley.A

Classification

Category :

Spyware

Type :

Monitor

Platform :

WinCE

Summary

BopSmiley is a spying application for mobile phones using Windows PocketPC or Windows Smartphone operating systems.

When the application is active on a phone, it records both voice call and SMS information and sends the details to a third party server.

Removal

Disinfecting using F-Secure Mobile Anti-Virus

  • Download F-Secure Mobile Anti-Virus from https://f-secure.mobi and activate the Anti-Virus.
  • Scan the phone and remove any components of the malware.
  • Reboot the phone to remove memory resident components.

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note: You need administrative rights to change the settings.

Technical Details

Installation

BopSmiley.A is installed in a standard CAB package. After installation, the application needs to be started with a File Manager in order to insert required credentials that access the third party server. When the credential information is in place, the application can be set to a hidden mode so that during normal phone use BopSmiley.A will not be visible to the user.

Whomever wishes to track the use of a phone with this application needs to have physical access to the phone. No phone is accidentally monitored by this spying application.

User Interface

The user interface of BopSmiley.A is only accessible during the initialization phase.

Recording the Victim's Communication

BopSmiley.A records both voice call and SMS information and sends the details to a third party server. From the third party site, the information can be accessed through a web browser.

Below is a list of the files contained in the installation package that are installed, some of which remain after disinfection:

  • Device\Program Files\Smartphone\hsmsutil.dll
  • Device\Program Files\Smartphone\OpenNETCF.dll
  • Device\Program Files\Smartphone\OpenNETCF.Net.dll
  • Device\Program Files\Smartphone\smarphone.log
  • Device\Program Files\Smartphone\Smartphone.exe