25.06.2007, 23:45   #6
Hangman
Administrator

[SymbianOS] SymbOS.Appdisabler.O

Risk: very low
Type: Trojan
Discovered: 07 November 2006
Also known as: not specified

Information:

SymbOS.Appdisabler.O is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. It disables some applications installed on the device by overwriting them with some corrupted files. It also drops some corrupted files to the device's memory card.

Technical details:

The Trojan reportedly arrives as the following file.
MyDoom.sis

When a user opens this file, the phone installer displays a dialog to warn the user that the application may be coming from an untrusted source and may cause potential problems.

If the user clicks yes, the device displays the following message prompting the user to install the threat:

Install
MyDoom

When SymbOS.Appdisabler.O is executed, it performs the following actions:

Drops the following files:

C:\System\Apps\Anti-Virus\Anti-Virus.app
C:\System\Apps\antivirus\antivirus.app
C:\System\Apps\AppInst\Appinst.app
C:\System\Apps\AppMngr\Appmngr.app
C:\System\Apps\Browser\Browser.app
C:\System\Apps\BtUi\BtUi.app
C:\System\Apps\Duality\Duality.app
C:\System\Apps\FileManager\FileManager.app
C:\System\Apps\IrApp\IrApp.app
C:\System\Apps\mce\mce.app
C:\System\Apps\MediaGallery\MediaGallery.app
C:\System\Apps\MediaPlayer\MediaPlayer.app
C:\System\Apps\Menu\Menu.app
C:\System\Apps\mmcapp\mmcapp.app
C:\System\Apps\MmsViewer\MmsViewer.app
C:\System\Apps\MsgMailViewer\MsgMailViewer.app
C:\System\Apps\NSmlDSSync\NSmlDSSync.app
C:\System\Apps\Phone\Phone.app
C:\System\Apps\Phonebook\Phonebook.app
C:\System\Apps\SmsViewer\SmsViewer.app
C:\System\Apps\Startup\Startup.app
C:\System\Apps\symcs\symcs.app
C:\System\Apps\symlu\symlu.app
C:\System\Apps\SysAp\SysAp.app
C:\System\Fonts\MyDoom.gdr
C:\System\Install\install.log
C:\System\Install\MyDoom.sis

Drops the following files to the compromised device's memory card:

E:\System\Apps\F-Secure\f-secure.DOOM
E:\System\Apps\irRemote\irRemote.app
E:\System\Apps\MM\MM.app
E:\System\Apps\Opera\Opera.app
E:\System\Apps\s60zip\s60zip.app
E:\System\Apps\SystemExplorer\SystemExplorer.app
E:\System\Apps\UltraMP3\UltraMP3.app

Note: All .app files dropped to memory card are corrupted files.

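A triage heuristic for the behaviour listed in the post above, as an added example that is not part of the original post or of the vendor write-up it quotes: it flags an install manifest that writes `\System\Apps\<X>\<X>.app` for several different applications, which is the pattern the dropped-file lists show. The manifest format (a plain list of target paths), the threshold of 2 and the `MyGame` package are assumptions, and the check generalizes beyond this one file list.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample manifests. The SUSPECT paths are copied from the post;
# BENIGN is a hypothetical package that installs one application.
SUSPECT = [
    r"C:\System\Apps\Menu\Menu.app",
    r"C:\System\Apps\Phone\Phone.app",
    r"C:\System\Apps\FileManager\FileManager.app",
    r"C:\System\Apps\AppMngr\Appmngr.app",
    r"E:\System\Apps\Opera\Opera.app",
    r"E:\System\Apps\F-Secure\f-secure.DOOM",
    r"C:\System\Fonts\MyDoom.gdr",
]
BENIGN = [
    r"E:\System\Apps\MyGame\MyGame.app",
    r"E:\System\Apps\MyGame\MyGame.rsc",
]


def main_binaries(manifest):
    """Return {app_dir: drives} for targets shaped \\System\\Apps\\<X>\\<X>.app.

    Names are compared case-insensitively, since the post's own list
    contains AppMngr\\Appmngr.app.
    """
    hits = defaultdict(set)
    for raw in manifest:
        path = PureWindowsPath(raw.strip())
        parts = [p.lower() for p in path.parts[1:]]  # drop the drive anchor
        if (len(parts) == 4 and parts[:2] == ["system", "apps"]
                and parts[3] == parts[2] + ".app"):
            hits[parts[2]].add(path.drive.upper())
    return dict(hits)


def triage(manifest, threshold=2):
    """Flag a package that supplies the main binary of several applications."""
    hits = main_binaries(manifest)
    return {
        "apps_replaced": sorted(hits),
        "drives": sorted(set().union(*hits.values())),
        "suspicious": len(hits) >= threshold,
    }


if __name__ == "__main__":
    for name, manifest in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, triage(manifest))
```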