25.06.2007, 00:45   #2
Hangman
Administrator
 
[SymbianOS] SymbOS.Commwarrior.B

Risk: very low
Type: Worm
Discovered: 7 March 2005
Also known as: SymbOS/Commwarrior.b!sys [McAfee]

Information:

SymbOS.Commwarrior.B is a worm that replicates on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. It attempts to spread using Multimedia Messaging Service (MMS) and Bluetooth as a randomly named .sis file. If it is the first hour of the 14th of any month, the threat resets the device.

Technical details:

When SymbOS.Commwarrior.B arrives at a target device, it may perform the following actions:

Creates the following files on the phone:

\system\apps\commwarrior\commwarrior.exe
\system\apps\commwarrior\commrec.mdl
\system\updates\commwarrior.exe (24,516 bytes)
\system\updates\commrec.mdl (2152 bytes)
\system\updates\commw.sis (27,162 bytes)

Note: The only difference between SymbOS.Commwarrior.B and SymbOS.Commwarrior.A is the size of the files dropped.

Runs and executes commwarrior.exe at system startup from the recognizer file in c:\system\recogs\commrec.mdl. This will allow the process to continue.

Rebuilds an .sis file from the above files into the following location:

\system\updates\commw.sis

Searches for nearby Bluetooth-enabled devices and attempts to send a randomly named copy of the .sis file, every minute, to all devices that it finds.

Randomly chooses a contact phone number from the device's phonebook and sends an MMS message containing the commw.sis file as an attachment. The MIME type of the attachment is application/vnd.symbian.install.

The MMS messages have the following characteristics:

Subject: Norton AntiVirus
Message: Released now for mobile, install it!
Subject: 3DGame
Message: 3DGame from me. It is FREE !
Subject: 3DNow!
Message: 3DNow!(tm) mobile emulator for *GAMES*.
Subject: Audio driver
Message: Live3D driver with polyphonic virtual speakers!
Subject: CheckDisk
Message: *FREE* CheckDisk for SymbianOS released!MobiComm
Subject: Desktop manager
Message: Official Symbian desctop manager.
Subject: Display driver
Message: Real True Color mobile display driver!
Subject: Dr.Web
Message: New Dr.Web antivirus for Symbian OS. Try it!
Subject: Free SEX!
Message: Free *SEX* software for you!
Subject: Happy Birthday!
Message: Happy Birthday! It is present for you!
Subject: Internet Accelerator
Message: Internet accelerator, SSL security update #7.
Subject: Internet Cracker
Message: It is *EASY* to *CRACK* provider accounts!
Subject: MS-DOS
Message: MS-DOS emulator for SymbvianOS. Nokia series 60 only. Try it!
Subject: MatrixRemover
Message: Matrix has you. Remove matrix!
Subject: Nokia ringtoner
Message: Nokia RingtoneManager for all models.
Subject: PocketPCemu
Message: PocketPC *REAL* emulator for Symbvian OS! Nokia only.
Subject: Porno images
Message: Porno images collection with nice viewer!
Subject: PowerSave Inspector
Message: Save you battery and *MONEY*!
Subject: Security update #12
Message: Significant security update. See www.symbian.com
Subject: Symbian security update
Message: See security news at www.symbian.com
Subject: SymbianOS update
Message: OS service pack #1 from Symbian inc.
Subject: Virtual SEX
Message: Virtual SEX mobile engine from Russian hackers!
Subject: WWW Cracker
Message: Helps to *CRACK* WWW sites like hotmail.com

If it is the first hour of the 14th of any month, the threat resets the device.


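A triage sketch built from the indicators listed in the post above, added here as an example and not part of the original post or of any vendor tool. The function names, the case-insensitive path matching and the sample inputs are assumptions, and the subject set is only a subset of the list in the post.

```python
# Added example: triage a phone file listing and MMS metadata against the
# indicators quoted in the post. All names here are hypothetical.

# Sizes the post gives for the Commwarrior.B files under \system\updates.
KNOWN_B_SIZES = {
    "\\system\\updates\\commwarrior.exe": 24516,
    "\\system\\updates\\commrec.mdl": 2152,
    "\\system\\updates\\commw.sis": 27162,
}
# Every path the post names, with or without a stated size.
ARTIFACT_PATHS = set(KNOWN_B_SIZES) | {
    "\\system\\apps\\commwarrior\\commwarrior.exe",
    "\\system\\apps\\commwarrior\\commrec.mdl",
    "\\system\\recogs\\commrec.mdl",
}
INSTALL_MIME = "application/vnd.symbian.install"
# Subset of the MMS subjects listed in the post, lower-cased for matching.
LURE_SUBJECTS = {"norton antivirus", "symbianos update", "security update #12"}


def normalize(path):
    """Lower-case, use backslashes and drop a leading drive letter (assumption)."""
    p = path.replace("/", "\\").lower()
    return p[2:] if len(p) > 1 and p[1] == ":" else p


def check_listing(listing):
    """listing: iterable of (path, size_in_bytes). Returns (verdict, found_paths)."""
    found, size_hits = [], 0
    for path, size in listing:
        p = normalize(path)
        if p in ARTIFACT_PATHS:
            found.append(p)
            if KNOWN_B_SIZES.get(p) == size:
                size_hits += 1
    if not found:
        return "clean", []
    # The post says variants A and B differ only in dropped-file size.
    if size_hits == len(KNOWN_B_SIZES):
        return "commwarrior.b", sorted(found)
    return "commwarrior (variant undetermined)", sorted(found)


def mms_flags(subject, attachment_mimes):
    """Return the reasons an MMS matches the post's description, if any."""
    flags = []
    if INSTALL_MIME in (m.strip().lower() for m in attachment_mimes):
        flags.append("sis-attachment")
    if subject.strip().lower() in LURE_SUBJECTS:
        flags.append("known-subject")
    return flags
```

A path match with different sizes is reported as undetermined rather than as variant A, because the post gives no sizes for A.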