Fontal is a SymbOS (Symbian OS) trojan that can only spread in Nokia, and this virus is based on Bluetooth with the PC. It is very similar to the 1970 iPhone Bug and Doomboot. It is one of the only viruses on the mobile device known as Nokia.


Fontal spreads by Bluetooth. When connected the user will see a new message titled "kill saddam.sis" (which means a trojan based "Fontal").

After installing the trojan, if the Nokia reboots, the boot will be stuck due to loading of the corrupted font file it installed.

The files installed are listed:

  • Kill sadam font.gdr
  • zKill sadam.aif
  • kill sadam1.rsc
  • Kill sadam.rsc
  • Kill

Since the boot will fail, the device's storage needs to be formatted, causing the device to lose all of its data and load the factory settings.


This trojan has 8 variants, most that is simply renames.


It will also corrupt the Application Manager with AppManager, which when opened, nothing happens.

Fontal.B and Fontal.G

It undergoes a name of "Nokia Anti-Virus.sis", and displays a message after installation:

Nokia Anti-Virus keep your phone protected from mobile virus. Please restart
your phone after installation complete to activate your anti-virus product.
If you found any problem regarding this software, please call :


It disables Application Manager, Messaging, and Installing.


It also drops Commwarrior.B and another copy of itself.


It undergoes a name of "EICAR Anti-Virus.sis".


It undergoes a name of "Nokia Update By 0ID500.sis".


It undergoes a name of "T-VIRUS.sis". This makes it obvious that it is a virus, though it can be confused for anti-malware.