Risk: very low
Type: Trojan
Discovered on: October 31, 2006
Also known as: AppDisabler.M [F-Secure]
Information:
SymbOS.Appdisabler.M is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. When installed, it overwrites a number of Symbian applications with corrupted files.
Technical details:
The Trojan reportedly arrives as the following file:
Mydoom.sis
When a user opens this file, the phone installer displays a dialog to warn users that the application may be coming from an untrusted source and may cause potential problems.
If the user clicks yes, the device displays the following message prompting the user to install the threat:
Install
MyDoom
When SymbOS.Appdisabler.M is executed, it performs the following actions:
Drops the following files:
C:\System\Apps\About\About.app
C:\System\Apps\AppInst\Appinst.app
C:\System\Apps\AppMngr\Appmngr.app
C:\System\Apps\Autolock\Autolock.app
C:\System\Apps\Browser\Browser.app
C:\System\Apps\BtUi\BtUi.app
C:\System\Apps\Camera\Camera.app
C:\System\Apps\CbsUiApp\CbsUiApp.app
C:\System\Apps\FaxModemUi\FaxModemUi.app
C:\System\Apps\FileManager\FileManager.app
C:\System\Apps\IrApp\IrApp.app
C:\System\Apps\Logs\Logs.app
C:\System\Apps\mce\mce.app
C:\System\Apps\MediaGallery\MediaGallery.app
C:\System\Apps\Menu\Menu.app
C:\System\Apps\mmcapp\mmcapp.app
C:\System\Apps\NSmlDSSync\NSmlDSSync.app
C:\System\Apps\symcs\scanner.dll
C:\System\Apps\symcs\ssengine.dll
C:\System\Apps\symcs\symcs.app
C:\System\Apps\symlu\ProdList\antivirus.dat
C:\System\Apps\symlu\ProdList\virusdefs.dat
C:\System\Apps\symlu\ProdList\wlu.dat
C:\System\Apps\symlu\symlu.app
C:\System\Apps\VirusScan\clean_install.exe
C:\System\Apps\VirusScan\Scan.dll
C:\System\Apps\VirusScan\VirusScan.app
C:\System\Apps\VirusScan\vsuninstall.exe
C:\System\Apps\Vm\Vm.app
C:\System\Bootdata\CommonData.D00
C:\System\Bootdata\FirstBoot.dat
C:\System\Bootdata\HALData.dat
C:\System\Bootdata\LocaleData.D01
C:\System\Bootdata\SIMLanguage.dat
C:\System\Install\install.log
C:\System\Install\MyDoom.sis
Drops the following files to the compromised device's memory card:
E:\Images\DOOM.wav
E:\Images\Image(11).jpg
E:\Images\Image(18).jpg
E:\Images\Image(22).jpg
E:\Images\Image(301).jpg
E:\Images\Image(43).jpg
E:\Images\Image(50).jpg
E:\Images\Image(88).jpg
E:\Images\Image.jpg
E:\System\Apps\Opera\Opera.app
E:\System\Apps\s60zip\s60zip.app
E:\System\Apps\SkyForce\SkyForce.app
E:\System\Apps\SYMBTChat\STARTER.exe
E:\System\Apps\SYMBTChat\SYMBTChat.aif
E:\System\Apps\SYMBTChat\SYMBTChat.app
E:\System\Apps\SYMBTChat\SYMBTChat.rsc
E:\System\Apps\SYMBTChat\SYMBTChat.sis
E:\System\Apps\SYMBTChat\SYMBTChat_caption.rsc
E:\System\Apps\SystemExplorer\SystemExplorer.app
E:\System\Apps\UltraMP3\UltraMP3.app
E:\System\MyDoom\MyDoom.dll