Botnet Trojan Got Through Symbian Foundation App Vetting Security Filters

Symbian admits Trojan slip-up

Here’s the bullet point version of CNET’s reasonably detailed article…

– Symbian vetting process digitally signs accepted submission to ID source for future interactioon
– Submitted app scanned using F-Secure (app disquised as ACSServer.exe)
– Random samples submitted for human audit process
– Botnet Trojan passed through this process
– Symbian Foundation became aware of the problem two weeks ago
– Digital signature for app revoked
– Error in Symbian servers allowed the app to be available for download until this week

Nasty stuff.