Risiko: sehr gering
Typ: Wurm
entdeckt am: 14. Oktober 2005
auch bekannt als: SYMBOS_COMWAR.C [Trend Micro], SymbOS/Commwarrior.C [McAfee]
Information:
SymbOS.Commwarrior.C is a worm that replicates on Series 60 phones. It attempts to spread using Bluetooth, Multimedia Messaging Service (MMS), and Multmedia Cards (MMC) as a randomly named .sis file. It has been reported that one of the possible file names is SymCommander_1_06.sis.
technische Details:
When SymbOS.Commwarrior.C is executed, it performs the following actions:
Copies itself as C:\System\programs\cwoutcast.exe.
Creates the following files:
C:\System\apps\SymCommander\SymCommander.app
C:\System\apps\SymCommander\SymCommander.rsc
C:\System\apps\SymCommander\SymCommander.aif
C:\System\apps\SymCommander\SymCommander (zero bytes in length)
Creates a copy of itself as \System\bootdata\lib\cwoutcast.exe on C:\ and on all the MMC cards the worm finds.
Creates the file \System\recogs\cworec.mdl on C: and on all the MMC cards the worm finds, so it runs every time the mobile device starts.
Recreates a SIS file in the folder where the worm executable ran. The SIS file contains the worm executable file cwoutcast.exe.
Sets its thread into a protected state so that its process cannot be ended easily.
Recreates files on the device, if a user tries to delete the worm executable or its .mdl component.
Searches for Bluetooth-enabled devices and attempts to send a randomly named copy of the .sis file to all devices that it finds.
Searches for phone numbers from the device's address book.
Sends an MMS message containing the worm SIS file as an attachment to all the numbers that it finds.
Listens for any arriving MMS or SMS messages and replies with an MMS message containing the worm SIS file as an attachment.
Listens for any SMS messages that the user sends and sends an MMS message containing the worm SIS file as an attachment to the same number.
weitere Informationen...