An Internet Access Point, shortened IAP, is a "a collection of settings that define how a connection to a particular network is made" . For example, it stores the Access Point Name (APN) for GPRS networks, the SSID for Wifi etc. On Symbian mobile phones, IAPs are stored in a table of the Communication Database.
In the SymbOS/Yxes worm (2009 / 2010), we had already seen the worm search through available IAPs on the mobile phone, select all outgoing WCDMA entries, add them to a list and silently use one of those to connect to Internet .
Since the beginning of summer 2010, we have also analyzed a bunch of malware that specifically looks for China Mobile's IAP, and hence only fully work if the victim's mobile phone is a China Mobile subscriber. This is the case of SymbOS/NMPlugin.A!tr, SymbOS/ShadowSrv.A!tr, SymbOS/Downsis.A!tr, SymbOS/Multidr.DC!tr, SymbOS/LinkHttp.A!tr ...
For example, below, SymbOS/NMPlugin.A!tr parses all IAPs and counts those using cmwap (China Mobile WAP):
BL GetAPNAndStuff ; returns the APN of an IAP SUB R0, R11, #apn LDR R1, =aCmwap ; "cmwap" BL _ZN7TPtrC16C1EPKt ; TPtrC16::TPtrC16(ushort const*) SUB R3, R11, #apn SUB R0, R11, #cmwapstring MOV R1, R3 BL _ZNK7TDesC168CompareFERKS_ ; TDesC16::CompareF(TDesC16 const&) CMP R0, #0 ; compare the APN with "cmwap" BNE loc_1C358 ... loc_1C358 LDR R3, [R11,#counter] ADD R3, R3, #1 ; increment counter if cmwap STR R3, [R11,#counter]
Even more sophisticated, we have now seen SymbOS/CReadMe.A!tr search the communication database for an IAP whose name is "CWAP(2)", and if none are found, the malware adds China Mobile's access points cmwap and cmnet.
Of course, this IAP can only be used if the victim's phone has subscribed to China Mobile's network. However, taking into account that end-users often have difficulties to configure their mobile phones to access Internet, this surely is a good idea for the malware to ensure its host is properly configured...
-- the Crypto Girl
 I. Campbell, Symbian OS Communications Programming, 2nd edition, Ed. Wiley, 2007.
 See Appendix of A. Apvrille, Symbian Worm Yxes: Towards Mobile Botnets?, in Proceedings of the 19th EICAR Annual Conference, pp. 31-54, Paris, France, May 8-11, 2010