Risk: very low
Type: Trojan
Discovered on: 07 November 2006
Also known as: AppDisabler.Q [F-Secure]
Information:
SymbOS.Appdisabler.Q is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. It attempts to disable a number of Symbian applications by overwriting their main executable files.
Technical details:
When SymbOS.Appdisabler.Q is executed, it performs the following actions:
Copies itself as the following file:
MyDoom.sis
Note: If a user opens this file, the device Installer will display a dialog to warn the user that the application may be coming from an untrusted source and may cause potential problems.
If the user clicks yes, the device displays the following message prompting the user to install the MyDoom.sis file:
Install MyDoom
Drops the following files:
C:\System\Apps\Anti-Virus\Anti-Virus.app
C:\System\Apps\AntiVirus\Update.ini
C:\System\Apps\AntiVirus\~AntiVirus.app
C:\System\Apps\AppInst\Appinst.app
C:\System\Apps\AppMngr\Appmngr.app
C:\System\Apps\BdMobile\BdMobile.app
C:\System\Apps\Browser\Browser.app
C:\System\Apps\BtUi\BtUi.app
C:\System\Apps\Disinfector\Disinfector.app
C:\System\Apps\DivXplayer\DivXplayer.app
C:\System\Apps\Duality\Duality.app
C:\System\Apps\FileManager\FileManager.app
C:\System\Apps\IrApp\IrApp.app
C:\System\Apps\mce\mce.app
C:\System\Apps\MediaGallery\MediaGallery.app
C:\System\Apps\MediaPlayer\MediaPlayer.app
C:\System\Apps\Menu\Menu.app
C:\System\Apps\MM\MM.app
C:\System\Apps\mmcapp\mmcapp.app
C:\System\Apps\MmsViewer\MmsViewer.app
C:\System\Apps\MsgMailViewer\MsgMailViewer.app
C:\System\Apps\NSmlDSSync\NSmlDSSync.app
C:\System\Apps\Phone\Phone.app
C:\System\Apps\Phonebook\Phonebook.app
C:\System\Apps\SmsViewer\SmsViewer.app
C:\System\Apps\Startup\Startup.app
C:\System\Apps\symcs\symcs.app
C:\System\Apps\symlu\symlu.app
C:\System\Apps\SysAp\SysAp.app
C:\System\Data\backgroundimage.mbm
C:\System\Data\Calcsoft
C:\System\Data\Calendar
C:\System\Data\Contacts.cdb
C:\System\Data\mediaplayer.dat
C:\System\Data\midp2\systemams\MIDP2SystemAMSDynamic.db
C:\System\Data\midp2\systemams\MIDP2SystemAMSStatic.db
C:\System\Data\NSmlDSSettings.db
C:\System\Data\Profiles\Profile0.dat
C:\System\Data\Profiles\Profile1.dat
C:\System\Data\Profiles\Profile2.dat
C:\System\Data\Profiles\Profile3.dat
C:\System\Data\Profiles\Profile4.dat
C:\System\Fonts\MyDoom.gdr
C:\System\Install\install.log
C:\System\Install\MyDoom.sis
C:\System\Recogs\AVBoot.mdl
C:\System\System.ini
C:\System\T9Ldb\Arabic.rsc
C:\System\T9Ldb\english.rsc
C:\System\T9Ldb\French.rsc
C:\System\T9Ldb\t9Arabic.dll
C:\System\T9Ldb\t9english.dll
C:\System\T9Ldb\t9French.dll
Drops the following files to the mobile device's memory card:
E:\System\Apps\[101854ae]\[101854ae].app
E:\System\Apps\[10189763]\[10189763].app
E:\System\Apps\[101a3b18]\[101a3b18].app
E:\System\Apps\F-Secure\f-secure.DOOM
E:\System\Apps\gnubox\gnubox.app
E:\System\Apps\GOBOYAPP\GOBOYAPP.APP
E:\System\Apps\irRemote\irRemote.app
E:\System\Apps\Opera\Opera.app
E:\System\Apps\s60zip\s60zip.app
E:\System\Apps\SmartMovie\SmartMovie.app
E:\System\Apps\SystemExplorer\SystemExplorer.app
E:\System\Apps\UltraMP3\UltraMP3.app
E:\System\Backup\Backup.arc
E:\System\Recogs\FSkulls.mdl
Note: All .app files dropped onto the memory card are corrupted files.