26.06.2007, 00:11   #3 (Permalink)
Hangman
Administrator
 
[SymbianOS] SymbOS.Cabir.C

Risk: very low
Type: Worm
Discovered on: 14 December 2004
Also known as: not specified

Information:

SymbOS.Cabir.C is a proof-of-concept worm that replicates on Series 60 phones. The worm is a minor variant of SymbOS.Cabir.

The only differences are:
The worm spreads as ni&ai-.SIS.
The worm displays the following message after infection:

ni&ai-

The worm repeatedly sends itself to the first Bluetooth-enabled device that it can find, regardless of the type of device. For example, even a Bluetooth-enabled printer will be attacked if it is within range.

The worm spreads as a .SIS file, which is installed into the APPS directory. There is no payload, apart from the vastly shortened battery life caused by the constant scanning for Bluetooth-enabled devices.

Technical details:

SymbOS.Cabir.C is transmitted through Bluetooth as a .SIS file.

When the worm arrives at a target device the following may happen:
The device displays a message similar to the following, asking the user to accept a message from a particular device:

Receive message via Bluetooth from [device name]?

The user will be notified that they have received a new message.

The user will be prompted with a message similar to the following:

Application is untrusted and may have problems. Install only if you trust provider.

If the user chooses Yes, the user will be prompted to install the worm.

Install ni&ai-?

If the user chooses Install, the worm is installed, executed, and then displays the following message:

ni&ai-

The worm creates the following files on the phone:

\SYSTEM\APPS\ni&ai-\ni&ai-.APP
\SYSTEM\APPS\ni&ai-\ni&ai-.RSC
\SYSTEM\APPS\ni&ai-\FLO.MDL
C:\SYSTEM\SYMBIANSECUREDATA\ni&ai-SECURITYMANAGER\ni&ai-.APP
C:\SYSTEM\SYMBIANSECUREDATA\ni&ai-SECURITYMANAGER\ni&ai-.RSC
C:\SYSTEM\SYMBIANSECUREDATA\ni&ai-SECURITYMANAGER\ni&ai-.SIS
C:\SYSTEM\RECOGS\FLO.MDL
C:\SYSTEM\INSTALLS\ni&ai-.SIS

The worm attempts to send itself to other Bluetooth-enabled devices that it finds, regardless of the type of device.

The worm executes every time the device is turned on.

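An added example, not part of the original post: a check of an exported file listing against the eight files the worm is said to create. It assumes one path per line from a phone image; the function names and the sample listing are constructed for illustration. Matching is case-insensitive and accepts either slash, and a hit on a drive other than the one given in the post is flagged rather than dropped.

```python
import re

# Artefact paths exactly as listed in the post. The first three carry no
# drive letter there, so they are matched on any drive.
ARTEFACTS = [
    r"\SYSTEM\APPS\ni&ai-\ni&ai-.APP",
    r"\SYSTEM\APPS\ni&ai-\ni&ai-.RSC",
    r"\SYSTEM\APPS\ni&ai-\FLO.MDL",
    r"C:\SYSTEM\SYMBIANSECUREDATA\ni&ai-SECURITYMANAGER\ni&ai-.APP",
    r"C:\SYSTEM\SYMBIANSECUREDATA\ni&ai-SECURITYMANAGER\ni&ai-.RSC",
    r"C:\SYSTEM\SYMBIANSECUREDATA\ni&ai-SECURITYMANAGER\ni&ai-.SIS",
    r"C:\SYSTEM\RECOGS\FLO.MDL",
    r"C:\SYSTEM\INSTALLS\ni&ai-.SIS",
]

def split_drive(path):
    """Normalise separators and case; return (drive or None, rest)."""
    p = path.strip().replace("/", "\\").upper()
    m = re.match(r"^([A-Z]):(\\.*)$", p)
    return (m.group(1), m.group(2)) if m else (None, p)

def scan(listing):
    """Return {artefact: [(entry, drive_matches_post), ...]} for every hit."""
    entries = [(e.strip(), *split_drive(e)) for e in listing if e.strip()]
    hits = {}
    for art in ARTEFACTS:
        a_drive, a_rest = split_drive(art)
        found = [(raw, a_drive is None or drive in (None, a_drive))
                 for raw, drive, rest in entries if rest == a_rest]
        if found:
            hits[art] = found
    return hits

def missing(hits):
    """Artefacts from the post with no match (partial install or cleanup)."""
    return [a for a in ARTEFACTS if a not in hits]

# Constructed sample listing (not from a real device).
SAMPLE_LISTING = [
    "C:\\System\\Apps\\Camera\\Camera.app",
    "E:\\system\\apps\\ni&ai-\\ni&ai-.app",
    "E:\\system\\apps\\ni&ai-\\flo.mdl",
    "c:/system/recogs/FLO.MDL",
    "E:\\System\\Installs\\ni&ai-.sis",
]

if __name__ == "__main__":
    result = scan(SAMPLE_LISTING)
    for art, found in result.items():
        for raw, exact in found:
            print(("HIT  " if exact else "HIT* "), art, "<-", raw)
    print("not found:", len(missing(result)))
```

Lines marked `HIT*` match an artefact's path but sit on a different drive than the post states, so they deserve a manual look rather than automatic dismissal.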