Mobilfunk-FAQ - Einzelnen Beitrag anzeigen

Hangman · 24.06.2007, 23:43

Risiko: sehr gering
Typ: Wurm
entdeckt am: 07. März 2005
auch bekannt als: Commwarrior.A [F-Secure], SymbOS/Commwarrior.a [McAfee], SYMBOS_COMWAR.A [Trend Micro]

Information:

SymbOS.Commwarrior.A is a worm that replicates on Series 60 phones. It attempts to spread using Multimedia Messaging Service (MMS) and Bluetooth as a randomly named .sis file. If it is the first hour of the 14th of any month, the threat resets the device.

technische Details:

When SymbOS.Commwarrior.A arrives at a target device, it may perform the following actions:
Creates the following files on the phone:

\system\updates\commwarrior.exe
\system\updates\commrec.mdl
\system\apps\commwarrior\commwarrior.exe
\system\apps\commwarrior\commrec.mdl
\system\recogs\commrec.mdl

Rebuilds an .sis file from the above files into the following location:

\system\updates\commw.sis

Searches for Bluetooth-enabled devices and attempts to send a randomly named copy of the .sis file to all devices that it finds.

Randomly chooses a phone number from the device's phonebook and sends an MMS message containing the commw.sis file as an attachment. The MIME type of the attachment is application/vnd.symbian.install.

The MMS messages have the following characteristics:

Subject: Norton AntiVirus
Message: Released now for mobile, install it!
Subject: 3DGame
Message: 3DGame from me. It is FREE !
Subject: 3DNow!
Message: 3DNow!(tm) mobile emulator for *GAMES*.
Subject: Audio driver
Message: Live3D driver with polyphonic virtual speakers!
Subject: CheckDisk
Message: *FREE* CheckDisk for SymbianOS released!MobiComm
Subject: Desktop manager
Message: Official Symbian desctop manager.
Subject: Display driver
Message: Real True Color mobile display driver!
Subject: Dr.Web
Message: New Dr.Web antivirus for Symbian OS. Try it!
Subject: Free SEX!
Message: Free *SEX* software for you!
Subject: Happy Birthday!
Message: Happy Birthday! It is present for you!
Subject: Internet Accelerator
Message: Internet accelerator, SSL security update #7.
Subject: Internet Cracker
Message: It is *EASY* to *CRACK* provider accounts!
Subject: MS-DOS
Message: MS-DOS emulator for SymbvianOS. Nokia series 60 only. Try it!
Subject: MatrixRemover
Message: Matrix has you. Remove matrix!
Subject: Nokia ringtoner
Message: Nokia RingtoneManager for all models.
Subject: PocketPCemu
Message: PocketPC *REAL* emulator for Symbvian OS! Nokia only.
Subject: Porno images
Message: Porno images collection with nice viewer!
Subject: PowerSave Inspector
Message: Save you battery and *MONEY*!
Subject: Security update #12
Message: Significant security update. See www.symbian.com
Subject: Symbian security update
Message: See security news at www.symbian.com
Subject: SymbianOS update
Message: OS service pack #1 from Symbian inc.
Subject: Virtual SEX
Message: Virtual SEX mobile engine from Russian hackers!
Subject: WWW Cracker
Message: Helps to *CRACK* WWW sites like hotmail.com

If it is the first hour of the 14th of any month, the threat resets the device.

weitere Informationen...

24.06.2007, 23:43	#1 (Permalink)
Hangman Administrator Avatare sind nur für MFF-Mitglieder sichtbar! Bike Mania Champion! Registriert seit: 17.04.2006 Ort: Erfurt Beiträge: 3.358 Downloads: 336 Uploads: 315 Abgegebene Danke: 43 Erhielt 455 Danke für 244 Beiträge	[SymbianOS] SymbOS.Commwarrior.A Risiko: sehr gering Typ: Wurm entdeckt am: 07. März 2005 auch bekannt als: Commwarrior.A [F-Secure], SymbOS/Commwarrior.a [McAfee], SYMBOS_COMWAR.A [Trend Micro] Information: SymbOS.Commwarrior.A is a worm that replicates on Series 60 phones. It attempts to spread using Multimedia Messaging Service (MMS) and Bluetooth as a randomly named .sis file. If it is the first hour of the 14th of any month, the threat resets the device. technische Details: When SymbOS.Commwarrior.A arrives at a target device, it may perform the following actions: Creates the following files on the phone: \system\updates\commwarrior.exe \system\updates\commrec.mdl \system\apps\commwarrior\commwarrior.exe \system\apps\commwarrior\commrec.mdl \system\recogs\commrec.mdl Rebuilds an .sis file from the above files into the following location: \system\updates\commw.sis Searches for Bluetooth-enabled devices and attempts to send a randomly named copy of the .sis file to all devices that it finds. Randomly chooses a phone number from the device's phonebook and sends an MMS message containing the commw.sis file as an attachment. The MIME type of the attachment is application/vnd.symbian.install. The MMS messages have the following characteristics: Subject: Norton AntiVirus Message: Released now for mobile, install it! Subject: 3DGame Message: 3DGame from me. It is FREE ! Subject: 3DNow! Message: 3DNow!(tm) mobile emulator for GAMES. Subject: Audio driver Message: Live3D driver with polyphonic virtual speakers! Subject: CheckDisk Message: FREE CheckDisk for SymbianOS released!MobiComm Subject: Desktop manager Message: Official Symbian desctop manager. Subject: Display driver Message: Real True Color mobile display driver! Subject: Dr.Web Message: New Dr.Web antivirus for Symbian OS. Try it! Subject: Free SEX! Message: Free SEX software for you! Subject: Happy Birthday! Message: Happy Birthday! It is present for you! Subject: Internet Accelerator Message: Internet accelerator, SSL security update #7. Subject: Internet Cracker Message: It is EASY to CRACK provider accounts! Subject: MS-DOS Message: MS-DOS emulator for SymbvianOS. Nokia series 60 only. Try it! Subject: MatrixRemover Message: Matrix has you. Remove matrix! Subject: Nokia ringtoner Message: Nokia RingtoneManager for all models. Subject: PocketPCemu Message: PocketPC REAL emulator for Symbvian OS! Nokia only. Subject: Porno images Message: Porno images collection with nice viewer! Subject: PowerSave Inspector Message: Save you battery and MONEY! Subject: Security update #12 Message: Significant security update. See www.symbian.com Subject: Symbian security update Message: See security news at www.symbian.com Subject: SymbianOS update Message: OS service pack #1 from Symbian inc. Subject: Virtual SEX Message: Virtual SEX mobile engine from Russian hackers! Subject: WWW Cracker Message: Helps to CRACK WWW sites like hotmail.com If it is the first hour of the 14th of any month, the threat resets the device. weitere Informationen... __________________ lesen - denken - posten