Less than a week after the first Trojan Horse designed to infect and exploit the data on Pocket PCs turned up, a second one aimed at Symbian smartphones has appeared.

Unlike last week's Pocket PC Trojan Horse (see Malicious Code Exploits Backdoor in PDA Security), which arrived in the form of a disguised e-mail attachment, today's Symbian Trojan Horse comes embedded in a cracked edition of Ojom’s game Mosquito.

Cracked games are illegal versions of applications that normally require registration codes, but because they are 'cracked,' the registration number isn't needed. So the only way to become infected with the new Symbian Trojan Horse is to knowingly or unwittingly download illegal software.

Although the Trojan Horse comes in the form of a stolen game, the affect it has on a Symbian handset and a user's pocketbook are not fun.

Here's how it works. The Symbian Trojan Horse becomes activated when the pirated game is launched. Upon which, it copies itself to the system/apps/Mosquitos/ folder on the smartphone and then sends SMS messages out in the background at premium rates while the game is being played.

SMS rates can go as high as 5.99 per minute. So after a short while, the monetary damage from the Trojan Horse far exceeds the cost of buying Mosquito legitimately in the first place.

According to Symbian, the 'cracked' edition of Mosquito is being distributed by 'warez' websites (illegal software download sites) and on peer-to-peer networks for Series 60-based Symbian handsets, such as Nokia's new 6620.

To install the game, users must ignore two warnings that identity the application developer as 'unknown' (see images below). To protect oneself, the platform provider recommends paying close attention to such warnings.

Smartphone users should also be careful about launching attachments. The Pocket PC Trojan Horse from last week demonstrated that malicious code for handhelds can also be distributed through e-mail.

We recommend all handheld users follow some basic guidelines to keep their devices and, more importantly, the data they hold safe. These guidelines can be found in the articles listed bellow.

Top 10 Items You Shouldn't Allow on Employee Unprotected PDAs (and what do about it)
With all of the time and money companies devote to securing their IT systems, a single unsecured PDA can poke a hole in a corporate security wall the size of Montana.

Learn the Basics of Handheld Security
While PDA and smartphone security is often a forgotten piece of the security infrastructure, these devices have the ability to transmit and receive viruses, and can be exploited in numerous ways. In this article, the first in a series on the subject, we provide a general overview of PDA security and discuss vulnerabilities, products, security issues, and policies.