[SymbianOS] SymbOS.Commwarrior - Mobilfunk-FAQ

Hangman · 24.06.2007, 22:43

Risiko: sehr gering
Typ: Wurm
entdeckt am: 07. März 2005
auch bekannt als: Commwarrior.A [F-Secure], SymbOS/Commwarrior.a [McAfee], SYMBOS_COMWAR.A [Trend Micro]

Information:

SymbOS.Commwarrior.A is a worm that replicates on Series 60 phones. It attempts to spread using Multimedia Messaging Service (MMS) and Bluetooth as a randomly named .sis file. If it is the first hour of the 14th of any month, the threat resets the device.

technische Details:

When SymbOS.Commwarrior.A arrives at a target device, it may perform the following actions:
Creates the following files on the phone:

\system\updates\commwarrior.exe
\system\updates\commrec.mdl
\system\apps\commwarrior\commwarrior.exe
\system\apps\commwarrior\commrec.mdl
\system\recogs\commrec.mdl

Rebuilds an .sis file from the above files into the following location:

\system\updates\commw.sis

Searches for Bluetooth-enabled devices and attempts to send a randomly named copy of the .sis file to all devices that it finds.

Randomly chooses a phone number from the device's phonebook and sends an MMS message containing the commw.sis file as an attachment. The MIME type of the attachment is application/vnd.symbian.install.

The MMS messages have the following characteristics:

Subject: Norton AntiVirus
Message: Released now for mobile, install it!
Subject: 3DGame
Message: 3DGame from me. It is FREE !
Subject: 3DNow!
Message: 3DNow!(tm) mobile emulator for *GAMES*.
Subject: Audio driver
Message: Live3D driver with polyphonic virtual speakers!
Subject: CheckDisk
Message: *FREE* CheckDisk for SymbianOS released!MobiComm
Subject: Desktop manager
Message: Official Symbian desctop manager.
Subject: Display driver
Message: Real True Color mobile display driver!
Subject: Dr.Web
Message: New Dr.Web antivirus for Symbian OS. Try it!
Subject: Free SEX!
Message: Free *SEX* software for you!
Subject: Happy Birthday!
Message: Happy Birthday! It is present for you!
Subject: Internet Accelerator
Message: Internet accelerator, SSL security update #7.
Subject: Internet Cracker
Message: It is *EASY* to *CRACK* provider accounts!
Subject: MS-DOS
Message: MS-DOS emulator for SymbvianOS. Nokia series 60 only. Try it!
Subject: MatrixRemover
Message: Matrix has you. Remove matrix!
Subject: Nokia ringtoner
Message: Nokia RingtoneManager for all models.
Subject: PocketPCemu
Message: PocketPC *REAL* emulator for Symbvian OS! Nokia only.
Subject: Porno images
Message: Porno images collection with nice viewer!
Subject: PowerSave Inspector
Message: Save you battery and *MONEY*!
Subject: Security update #12
Message: Significant security update. See [Link nur für registrierte Mitglieder sichtbar.]
Subject: Symbian security update
Message: See security news at [Link nur für registrierte Mitglieder sichtbar.]
Subject: SymbianOS update
Message: OS service pack #1 from Symbian inc.
Subject: Virtual SEX
Message: Virtual SEX mobile engine from Russian hackers!
Subject: WWW Cracker
Message: Helps to *CRACK* WWW sites like hotmail.com

If it is the first hour of the 14th of any month, the threat resets the device.

[Link nur für registrierte Mitglieder sichtbar.]

Hangman · 24.06.2007, 23:45

Risiko: sehr gering
Typ: Wurm
entdeckt am: 07. März 2005
auch bekannt als: SymbOS/Commwarrior.b!sys [McAfee]

Information:

SymbOS.Commwarrior.B is a worm that replicates on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. It attempts to spread using Multimedia Messaging Service (MMS) and Bluetooth as a randomly named .sis file. If it is the first hour of the 14th of any month, the threat resets the device.

technische Details:

When SymbOS.Commwarrior.B arrives at a target device, it may perform the following actions:

Creates the following files on the phone:

\system\apps\commwarrior\commwarrior.exe
\system\apps\commwarrior\commrec.mdl
\system\updates\commwarrior.exe (24,516 bytes)
\system\updates\commrec.mdl (2152 bytes)
\system\updates\commw.sis (27,162 bytes)

Note: The only difference between SymbOS.Commwarrior.B and SymbOS.Commwarrior.A is the size of the files dropped.

Runs and executes commwarrior.exe at system startup from the recognizer file in c:\system\recogs\commrec.mdl. This will allow the process to continue.

Rebuilds an .sis file from the above files into the following location:

\system\updates\commw.sis

Searches for nearby Bluetooth-enabled devices and attempts to send a randomly named copy of the .sis file, every minute, to all devices that it finds.

Randomly choose a contact phone number from the device's phonebook and sends an MMS message containing the commw.sis file as an attachment. The MIME type of the attachment is application/vnd.symbian.install.

The MMS messages have the following characteristics:

Subject: Norton AntiVirus
Message: Released now for mobile, install it!
Subject: 3DGame
Message: 3DGame from me. It is FREE !
Subject: 3DNow!
Message: 3DNow!(tm) mobile emulator for *GAMES*.
Subject: Audio driver
Message: Live3D driver with polyphonic virtual speakers!
Subject: CheckDisk
Message: *FREE* CheckDisk for SymbianOS released!MobiComm
Subject: Desktop manager
Message: Official Symbian desctop manager.
Subject: Display driver
Message: Real True Color mobile display driver!
Subject: Dr.Web
Message: New Dr.Web antivirus for Symbian OS. Try it!
Subject: Free SEX!
Message: Free *SEX* software for you!
Subject: Happy Birthday!
Message: Happy Birthday! It is present for you!
Subject: Internet Accelerator
Message: Internet accelerator, SSL security update #7.
Subject: Internet Cracker
Message: It is *EASY* to *CRACK* provider accounts!
Subject: MS-DOS
Message: MS-DOS emulator for SymbvianOS. Nokia series 60 only. Try it!
Subject: MatrixRemover
Message: Matrix has you. Remove matrix!
Subject: Nokia ringtoner
Message: Nokia RingtoneManager for all models.
Subject: PocketPCemu
Message: PocketPC *REAL* emulator for Symbvian OS! Nokia only.
Subject: Porno images
Message: Porno images collection with nice viewer!
Subject: PowerSave Inspector
Message: Save you battery and *MONEY*!
Subject: Security update #12
Message: Significant security update. See [Link nur für registrierte Mitglieder sichtbar.]
Subject: Symbian security update
Message: See security news at [Link nur für registrierte Mitglieder sichtbar.]
Subject: SymbianOS update
Message: OS service pack #1 from Symbian inc.
Subject: Virtual SEX
Message: Virtual SEX mobile engine from Russian hackers!
Subject: WWW Cracker
Message: Helps to *CRACK* WWW sites like hotmail.com

If it is the first hour of the 14th of any month, the threat resets the device.

[Link nur für registrierte Mitglieder sichtbar.]

Hangman · 24.06.2007, 23:49

Risiko: sehr gering
Typ: Wurm
entdeckt am: 14. Oktober 2005
auch bekannt als: SYMBOS_COMWAR.C [Trend Micro], SymbOS/Commwarrior.C [McAfee]

Information:

SymbOS.Commwarrior.C is a worm that replicates on Series 60 phones. It attempts to spread using Bluetooth, Multimedia Messaging Service (MMS), and Multmedia Cards (MMC) as a randomly named .sis file. It has been reported that one of the possible file names is SymCommander_1_06.sis.

technische Details:

When SymbOS.Commwarrior.C is executed, it performs the following actions:
Copies itself as C:\System\programs\cwoutcast.exe.

Creates the following files:

C:\System\apps\SymCommander\SymCommander.app
C:\System\apps\SymCommander\SymCommander.rsc
C:\System\apps\SymCommander\SymCommander.aif
C:\System\apps\SymCommander\SymCommander (zero bytes in length)

Creates a copy of itself as \System\bootdata\lib\cwoutcast.exe on C:\ and on all the MMC cards the worm finds.

Creates the file \System\recogs\cworec.mdl on C: and on all the MMC cards the worm finds, so it runs every time the mobile device starts.

Recreates a SIS file in the folder where the worm executable ran. The SIS file contains the worm executable file cwoutcast.exe.

Sets its thread into a protected state so that its process cannot be ended easily.

Recreates files on the device, if a user tries to delete the worm executable or its .mdl component.

Searches for Bluetooth-enabled devices and attempts to send a randomly named copy of the .sis file to all devices that it finds.

Searches for phone numbers from the device's address book.

Sends an MMS message containing the worm SIS file as an attachment to all the numbers that it finds.

Listens for any arriving MMS or SMS messages and replies with an MMS message containing the worm SIS file as an attachment.

Listens for any SMS messages that the user sends and sends an MMS message containing the worm SIS file as an attachment to the same number.

[Link nur für registrierte Mitglieder sichtbar.]

Hangman · 23.07.2007, 19:02

Risiko: sehr gering
Typ: Wurm
entdeckt am: 09.03.2006
auch bekannt als: Commwarrior.D [F-Secure], ComWar.M [Panda]

Information:

SymbOS.Commwarrior.D is a worm that runs on Series 60 phones. It attempts to spread using Bluetooth and Multimedia Messaging Service (MMS) messages, and Multimedia Cards (MMC) as a randomly named .sis file.

technische Details:

When SymbOS.Commwarrior.D is executed, it performs the following actions:
Displays a dialog box to warn the user that the application may be coming from an untrusted source and may cause potential problems before the .sis file is installed.

If the user clicks yes, the device will display the following message prompting the user to install the threat:

Install
Sexoo-Chattz

Creates the following files:

[DriveLetter]\system\apps\UltraPlayer\ultraplayer.exe
[DriveLetter]\system\apps\UltraPlayer\inition.mdl

Runs ultraplayer.exe, which creates the following files on the compromised device's memory card:

e:\system\recogs\inition.mdl
e:\system\wmedias\inition.mdl
e:\system\wmedias\ultraplayer.exe

Rebuilds a .sis file from the above files and copies it to the following location:

e:\system\wmedias\Codec.sis

Searches for Bluetooth-enabled devices and attempts to send a randomly named copy of the .sis file to all devices that it finds, repeating this action every minute.

Selects a contact phone number from the device's phonebook at random and sends an MMS message containing the Codec.sis file as an attachment. The MIME type of the attachment is application/vnd.symbian.install. The message is one of the following:

Subject: Mierda Estatut!!
Message: PoltiTonos paramoviles,descarga ya!

Subject: Comela!
Message: Nuevo Virus THX para los Nokia s60s. Instala

Subject: Quieres Reirte
Message: Todos vendemos.Gracias Carod!

Subject: Morena
Message: Conseguir eso..Maldito Sea!

Subject: Dluxe!!
Message: Carod eres un cabron, Capullo!. Politonos de Neng !!.
Follatela!

Subject: Mis Albumes
Message: Valencia,ciudad de Campeones. Viva el VCF!Solo Nokia

Subject: Sonitonos Nokia
Message: Politono Popcorn anuncio renault clio

Subject: Carod Rovira HPuta!
Message: Vodafone y Amenase fusionan. Compra un Nokia.com

Subject: A mi novia Less
Message: Solo trabajemos 6 horas diarias .....!

Subject: Se busca gente
Message: Manda tu curriculum a esta direcciony llamaran!

Subject: Antena 3 y T elecinco...
Message: Diapositiva PowerPoint ensymbian.com

Subject: Mi e-mail es este
Message: Mario y yo nos casamos e n 2 meses!!.

Subject: Feliz Cumple!!!
Message: Felicidades!!!! Tienes una postal aki!

Subject: Orgullo Gay
Message: Descarga nuevos sonitonos aqui!

Subject: Mi Exnovia!
Message: Mp3 Player paraNokia series 60. Instalalo yaa!

Subject: Mi foto erotic@
Message: Coleccion de mis fotoalbum fallas 2006!!!

Subject: Quedamos a tomar algo?
Message: Viva las fallas de Valencia, mascletas online

Subject: Ayudanos co
Message: ntra la drogadiccion, colabora ACDV 1 Euro.

Subject: Me he cambiado..
Message: Me he cambiado la direccionde email, esta

Subject: Llamame cuando veas
Message: Problema de bateria en Nokia!

Subject: Cari!!
Message: AMD!!!Universidad de Madrid y Valencia.

Subject: Nuevas Tiendas!
Message: Hay que pagar para respirary mear

Subject: Movistar!
Message: Fernando Alo nso te envia una invitacion!

Subject: Sr Arganda
Message: Vodafone, Informacion gratuita en MMS..... Informa

[Link nur für registrierte Mitglieder sichtbar.]

Hangman · 23.07.2007, 19:05

Risiko: sehr gering
Typ: Wurm
entdeckt am: 17.03.2006
auch bekannt als: keine Angabe

Information:

SymbOS.Commwarrior.E is a worm that runs on Series 60 phones. It attempts to spread using Bluetooth and Multimedia Messaging Service (MMS) messages as a randomly named .sis file.

technische Details:

When SymbOS.Commwarrior.E is executed, it performs the following actions:
Displays a dialog box to warn the user that the application may be coming from an untrusted source and may cause potential problems before the .sis file is installed.

If the user clicks yes, the device will display the following message prompting the user to install the threat:

Install
Amena_Info:z

Creates the following files:

[DriveLetter]\system\apps\MusicPlayer\Warriorland.exe
[DriveLetter]\system\apps\MusicPlayer\sistema.mdl

Runs Warriorland.exe, which creates the following files on the compromised device:

c:\system\recogs\sistema.mdl
c:\system\systems\sistema.mdl
c:\system\systems\WarriorLand.exe

Rebuilds a .sis file from the above files and copies it to the following location:

c:\system\systems\amena.sis

Searches for Bluetooth-enabled devices and attempts to send a randomly named copy of the .sis file to all devices that it finds, repeating this action every minute.

Selects a contact phone number from the device's phonebook at random and sends an MMS message containing the Codec.sis file as an attachment. The MIME type of the attachment is application/vnd.symbian.install. The message is one of the following:

Subject: Norton AntiVirus
Message: Instalacion paramoviles,instalar ya!

Subject: Paulina
Message: Nuevo Antivirus para los Nokia s60s. Instala

Subject: Quieres Reirte
Message: Todos vendemos.Gracias Maria!

Subject: Deejay
Message: Conseguir eso..Maldito Sea!

Subject: HP-CITY
Message: Veroo eres un zorron, guarrita. Instalalo si eres tu. Instala!

Subject: Mis Albumes
Message: Maria! Traeme las bragas de tu madre!!!!! Solo Nokia.

Subject: Sonitonos Nokia
Message: Politono Popcorn anuncio renault clio

Subject: Telefonica Anuncia.
Message: Vodafone y Amenase fusionan. Compra un PpPpc.com

Subject: A mi novia XXXX
Message: Solo trabajemos 6 horas diarias .....!

Subject: Se busca gente
Message: Antena 3 y Telecincoven

Subject: Antena 3 y T elecinco...
Message: Diapositiva PowerPoint ensymbian.com

Subject: Mi e-mail es este
Message: Jorge y yo nos casamos e n 2 meses!!.

Subject: Feliz Cumple!!!
Message: Felicidades!!!! Tienes una postal aki!

Subject: Amor Libre!
Message: Descarga nuevos sonitonos aqui!

Subject: AmorVirtual
Message: Mp3 Player paraNokia series 60. Instalalo yaa!

Subject: Mi tema erotico
Message: Coleccion de mis fotoalbum fallas 2006!!!

Subject: Quedamos a tomar algo?
Message: Viva las fallas de Valencia, mascletas online

Subject: Ayudanos mo
Message: vilforum,todo sobre movilesy demas......com

Subject: Me he cambiado..
Message: Me he cambiado la direccionde email, esta

Subject: Llamame cuando veas
Message: Problema de bateria en Nokia!

Subject: Mira!!
Message: Ole!!!Universidad de Madrid y Valencia.

Subject: Nuevas Tiendas!
Message: Hay que pagar para respirar y mear

Subject: Movistar!
Message: Fernando Alonso te envia una invitacion! Sr Gonzalo

[Link nur für registrierte Mitglieder sichtbar.]

Hangman · 23.07.2007, 19:09

Risiko: sehr gering
Typ: Wurm
entdeckt am: 17.05.2006
auch bekannt als:

Information:

SymbOS.Commwarrior.F is a worm that runs on Series 60 phones. It attempts to spread using Bluetooth and Multimedia Messaging Service (MMS) messages as a randomly named .sis file.

technische Details:

When SymbOS.Commwarrior.F is executed, it performs the following actions:

Displays a dialog box to warn the user that the application may be coming from an untrusted source and may cause potential problems before the .sis file is installed.

If the user clicks yes, the device displays the following message prompting the user to install the threat:

Install
Chatt Yahoo

Creates the following files:

\System\apps\TTNCONTACTS\TTNCONTACTS.exe
\System\apps\TTNCONTACTS\RecQWRD.mdl

Runs TTNCONTACTS.exe, which creates the following files on the compromised device:

e:\System\recogs\RecQWRD.mdl
e:\Sounds\Digital\RecQWRD.mdl
e:\Sounds\Digital\WaveEditors.exe

Rebuilds a .sis file from the above files and copies it to the following location:

e:\Sounds\Digital\Disco.mp3

Searches for Bluetooth-enabled devices and attempts to send a randomly named copy of the .sis file to all devices that it finds, repeating this action every minute.

Selects a contact phone number from the device's phonebook at random and sends an MMS message containing the Disco.mp3 file as an attachment. The MIME type of the attachment is application/vnd.symbian.install. The message is one of the following:

Subject: Erotic EspaceXxX
Message: EspaceXX te regala una, entrada ya!

Subject: Por Ti
Message: Por ti.Ven disfruta de la cena !!. Ven ya!

Subject: Benitocamelas
Message: BenitoCamelas . en Concierto!!

Subject: Mira!!
Message: Leslie Te Km!!. Tu si sabes!

Subject: SORTEO
Message: SORTEO Carrefur por Aniversari. Regal Nokias 60 ven!. Corree!

Subject: N-GageQD!!!
Message: Regalamos Nokias N-GageQD. Ven a Lidl!!!! 4 Unidades.

Subject: Envia Politonos
Message: Envia Politonos al 3343. Gratis 2!!!.

Subject: Ruralcaja Ofrece...
Message: RuralCaja ofrece2 anos de... Ven [Link nur für registrierte Mitglieder sichtbar.]

Subject: Buscamos Gente
Message: Antena 3. Busca gente para serie TV!!!

Subject: Estatut!!!!!
Message: Carod Rovira es un hijo de Puta!! Cabronazo!!!!

Subject: Zapatero vete a tu casa
Message: El PSOE es una mierda!! 2 Telediario

Subject: Mensaje Antena 3
Message: Promocion Antena 3.Consigue grattis.

Subject: Feliz Cumple!!!
Message: Feliz Cumple!!! Ves como me acuerdo!!!

Subject: Tkm! Amor
Message: Less tkm!. Te quiero mucho!!

Subject: Virutas MEX
Message: Virutas MEX mezcla Mexicana de Limon y Peras!!!

Subject: Nokia Tonos!
Message: Nokia Tonos! Coleccion al 343 de ConTxTA!

Subject: Quedamos a tomar algo?
Message: Viva los Hacker de Valencia, hackers!! online

Subject: Ayudanos co
Message: ntra la drogadiccion, colabora ACDV 1 Euro.

Subject: Me he cambiado..
Message: Me he cambiado la direccion de email, esta

Subject: Llamame cuando veas
Message: Me he quedado sin Gasolina!!!

Subject: 343.!!
Message: SMS!!!Antena 3 lanza nuevos servicios..

Subject: Impuestos Bajos
Message: Hay que pagar para respirar y mear

Subject: Movistar!
Message: Fernando Alonso te envia una invitacion!Sr Arganda

[Link nur für registrierte Mitglieder sichtbar.]

Hangman · 23.07.2007, 19:13

Risiko: sehr gering
Typ: Wurm
entdeckt am: 18.05.2006
auch bekannt als: keine Angabe

Information:

SymbOS.Commwarrior.G is a worm that runs on Series 60 phones. It attempts to spread using Bluetooth and Multimedia Messaging Service (MMS) messages, and Multmedia Cards (MMC) as a randomly named .sis file.

technische Details:

When SymbOS.Commwarrior.G is executed, it performs the following actions:

Displays a dialog box to warn the user that the application may be coming from an untrusted source and may cause potential problems before the .sis file is installed.

If the user clicks yes, the device displays the following message prompting the user to install the threat:

Install
Mp3 UltraDJ

Creates the following files:

[DriveLetter]\system\apps\NokiaPlayer\MusicPlayer.exe (a copy of SymbOS.Commwarrior.D)
[DriveLetter]\system\apps\NokiaPlayer\Inition.mdl

Runs ultraplayer.exe, which creates the following files on the compromised device's memory card:

e:\system\recogs\inition.mdl
e:\system\wmedias\inition.mdl
e:\system\wmedias\MusicPlayer.exe

Rebuilds a .sis file from the above files and copies it to the following location:

e:\system\wmedias\Codec.sis

Searches for Bluetooth-enabled devices and attempts to send a randomly named copy of the .sis file to all devices that it finds, repeating this action every minute.

Selects a contact phone number from the device's phonebook at random and sends an MMS message containing the Codec.sis file as an attachment. The MIME type of the attachment is application/vnd.symbian.install. The message is one of the following:

Subject: Mierda Estatut!!
Message: PoltiTonos paramoviles,descarga ya!

Subject: Comela!
Message: Nuevo Virus THX para los Nokia s60s. Instala

Subject: Quieres Reirte
Message: Todos vendemos. Gracias Carod!

Subject: Morena
Message: Conseguir eso.. Maldito Sea!

Subject: PC-CITY
Message: Carod eres un cabron, Estatuto. Politonos de Neng !!. Follatela!

Subject: Mis Albumes
Message: Valencia,ciudad de Campeones. Viva el VCF!Solo Nokia.

Subject: Sonitonos Nokia
Message: Politono Popcorn anuncio renault clio

Subject: Carod Rovira HPuta!
Message: Vodafone y Amenase fusionan. Compra un Nokia.com

Subject: A mi novia Less
Message: Solo trabajemos 6 horas diarias .....!

Subject: Se busca gente
Message: Manda tu curriculum a esta direcciony llamaran!

Subject: Antena 3 y Telecinco...
Message: Diapositiva PowerPoint ensymbian.com

Subject: Mi e-mail es este
Message: Mario y yo nos casamos en 2 meses!!.

Subject: Feliz Cumple!!!
Message: Felicidades!!!! Tienes una postal aki!

Subject: Orgullo Gay
Message: Descarga nuevos sonitonos aqui!

Subject: Mi Exnovia!
Message: Mp3 Player para Nokia series 60. Instalalo yaa!

Subject: Mi foto erotic@
Message: Coleccion de mis fotoalbum fallas 2006!!!

Subject: Quedamos a tomar algo?
Message: Viva las fallas de Valencia, mascletas online

Subject: Ayudanos co
Message: ntra la drogadiccion, colabora ACDV 1 Euro.

Subject: Me he cambiado..
Message: Me he cambiado la direccion de email, esta

Subject: Llamame cuando veas
Message: Problema de bateria en Nokia!

Subject: Cari!!
Message: AMD!!!Universidad de Madrid y Valencia.

Subject: Nuevas Tiendas!
Message: Hay que pagar para respirar y mear

Subject: Movistar!
Message: Fernando Alonso te envia una invitacion!Sr Arganda

[Link nur für registrierte Mitglieder sichtbar.]

Hangman · 23.07.2007, 19:26

Risiko: sehr gering
Typ: Wurm
entdeckt am: 18.05.2006
auch bekannt als: keine Angabe

Information:

SymbOS.Commwarrior.H is a worm that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. It attempts to spread using Bluetooth and Multimedia Messaging Service (MMS) messages, and Multmedia Cards (MMC) as a randomly named .sis file.

Before the .sis file is installed, the phone installer displays a dialog box to warn the user that the application may be coming from an untrusted source and may cause potential problems.

technische Details:

When SymbOS.Commwarrior.H is executed, it performs the following actions:
Displays the following message prompting the user to install the threat:

Install
MovistarCha

Creates the following files:

[DriveLetter]\System\apps\Filexplorer\Filexplorer.exe (which is detected as SymbOS.Commwarrior.D)
[DriveLetter]\System\apps\Filexplorer\systems.mdl

Runs ultraplayer.exe, which creates the following files on the compromised device's memory card:

e:\System\recogs\Systems.mdl
e:\System\Systems\Systems.mdl
e:\System\Systems\Filexplorer.exe

Rebuilds a .sis file from the above files and copies it to the following location:

e:\System\Systems\Filer.sis

Searches for Bluetooth-enabled devices and attempts to send a randomly named copy of the .sis file to all devices that it finds. The worm repeats this action every minute.

Randomly selects a contact phone number from the device's phonebook and sends an MMS message containing the Filer.sis file as an attachment. The MIME type of the attachment is application/vnd.symbian.install. The message is one of the following:

Subject: Mierda Estatut!!
Message: PoltiTonos paramoviles,descarga ya!

Subject: Comela!
Message: Nuevo Virus THX para los Nokia s60s. Instala

Subject: Quieres Reirte
Message: Todos vendemos. Gracias Carod!

Subject: Morena
Message: Conseguir eso.. Maldito Sea!

Subject: PC-CITY
Message: Carod eres un cabron, Estatuto. Politonos de Neng !!. Follatela!

Subject: Mis Albumes
Message: Valencia,ciudad de Campeones. Viva el VCF!Solo Nokia.

Subject: Sonitonos Nokia
Message: Politono Popcorn anuncio renault clio

Subject: Carod Rovira HPuta!
Message: Vodafone y Amenase fusionan. Compra un Nokia.com

Subject: A mi novia Less
Message: Solo trabajemos 6 horas diarias .....!

Subject: Se busca gente
Message: Manda tu curriculum a esta direcciony llamaran!

Subject: Antena 3 y Telecinco...
Message: Diapositiva PowerPoint ensymbian.com

Subject: Mi e-mail es este
Message: Mario y yo nos casamos en 2 meses!!.

Subject: Feliz Cumple!!!
Message: Felicidades!!!! Tienes una postal aki!

Subject: Orgullo Gay
Message: Descarga nuevos sonitonos aqui!

Subject: Mi Exnovia!
Message: Mp3 Player para Nokia series 60. Instalalo yaa!

Subject: Mi foto erotic@
Message: Coleccion de mis fotoalbum fallas 2006!!!

Subject: Quedamos a tomar algo?
Message: Viva las fallas de Valencia, mascletas online

Subject: Ayudanos co
Message: ntra la drogadiccion, colabora ACDV 1 Euro.

Subject: Me he cambiado..
Message: Me he cambiado la direccion de email, esta

Subject: Llamame cuando veas
Message: Problema de bateria en Nokia!

Subject: Cari!!
Message: AMD!!!Universidad de Madrid y Valencia.

Subject: Nuevas Tiendas!
Message: Hay que pagar para respirar y mear

Subject: Movistar!
Message: Fernando Alonso te envia una invitacion!Sr Arganda

[Link nur für registrierte Mitglieder sichtbar.]

Hangman · 23.07.2007, 19:29

Risiko: sehr gering
Typ: Wurm
entdeckt am: 25.05.2006
auch bekannt als:

Information:

SymbOS.Commwarrior.I is a worm that runs on Series 60 phones. It attempts to spread using Bluetooth and Multimedia Messaging Service (MMS) messages as a randomly named .sis file.

The phone installer displays a dialog box to warn the user that the application may be coming from an untrusted source and may cause potential problems before the .sis file is installed.

technische Details:

When SymbOS.Commwarrior.I is executed, it performs the following actions:
Displays the following message prompting the user to install the threat:

Install
Sudoku Play

Creates the following files:

\System\data\IloveLeslie\LeslieLoves.exe
\System\data\IloveLeslie\RecQWRD.mdl

Runs LeslieLoves.exe, which creates the following files on the compromised device:

E:\System\recogs\RecQWRD.mdl
E:\Images\_PAlbTN\RecQWRD.mdl
E:\Images\_PAlbTN\Backgrounds.jpg

Rebuilds a .sis file from the above files and copies it to the following location:

E:\Images\_PAlbtn\Phone.jpg

Searches for Bluetooth-enabled devices and attempts to send a randomly named copy of the .sis file to all devices that it finds, repeating this action every minute.

Selects a contact phone number from the device's phonebook at random and sends an MMS message containing the Disco.mp3 file as an attachment. The MIME type of the attachment is application/vnd.symbian.install. The message does not have a subject or message.

[Link nur für registrierte Mitglieder sichtbar.]

Hangman · 23.07.2007, 19:33

Risiko: sehr gering
Typ: Wurm
entdeckt am: 06.06.2006
auch bekannt als: Commwarrior.K [F-Secure]

Information:

SymbOS.Commwarrior.J is a worm that runs on Series 60 phones and drops SymbOS.Commwarrior.D onto the compromised device. It attempts to spread using Bluetooth and Multimedia Messaging Service (MMS) messages, and Multimedia Cards (MMC) as a randomly named .sis file.

The phone installer displays a dialog box to warn the user that the application may be coming from an untrusted source and may cause potential problems before the .sis file is installed.

technische Details:

When SymbOS.Commwarrior.J is executed, it performs the following actions:
Displays the following message prompting the user to install the threat:

Install
MovistarBTC

Creates the following files:

[DRIVELETTER]\system\apps\Filexplorer\Filexplorer.exe (detected as SymbOS.Commwarrior.D)
[DRIVELETTER]\system\apps\Filexplorer\systems.mdl

Runs Filexplorer.exe, which creates the following files on the compromised device's memory card:

e:\System\recogs\Systems.mdl
e:\System\Systems\Systems.mdl
e:\System\Systems\Filexplorer.exe

Rebuilds a .sis file from the above files and copies it to the following location:

e:\System\Systems\Filer.sis

Searches for Bluetooth-enabled devices and attempts to send a randomly named copy of the .sis file to all devices that it finds. The worm repeats this action every minute.

Randomly selects a contact phone number from the device's phonebook and sends an MMS message containing the Filer.sis file as an attachment. The MIME type of the attachment is application/vnd.symbian.install. The message is one of the following:

Subject: Mierda Estatut!!
Message: PoltiTonos paramoviles,descarga ya!

Subject: Comela!
Message: Nuevo Virus THX para los Nokia s60s. Instala

Subject: Quieres Reirte
Message: Todos vendemos. Gracias Carod!

Subject: Morena
Message: Conseguir eso.. Maldito Sea!

Subject: PC-CITY
Message: Carod eres un cabron, Estatuto. Politonos de Neng !!. Follatela!

Subject: Mis Albumes
Message: Valencia,ciudad de Campeones. Viva el VCF!Solo Nokia.

Subject: Sonitonos Nokia
Message: Politono Popcorn anuncio renault clio

Subject: Carod Rovira HPuta!
Message: Vodafone y Amenase fusionan. Compra un Nokia.com

Subject: A mi novia Less
Message: Solo trabajemos 6 horas diarias .....!

Subject: Se busca gente
Message: Manda tu curriculum a esta direcciony llamaran!

Subject: Antena 3 y Telecinco...
Message: Diapositiva PowerPoint ensymbian.com

Subject: Mi e-mail es este
Message: Mario y yo nos casamos en 2 meses!!.

Subject: Feliz Cumple!!!
Message: Felicidades!!!! Tienes una postal aki!

Subject: Orgullo Gay
Message: Descarga nuevos sonitonos aqui!

Subject: Mi Exnovia!
Message: Mp3 Player para Nokia series 60. Instalalo yaa!

Subject: Mi foto erotic@
Message: Coleccion de mis fotoalbum fallas 2006!!!

Subject: Quedamos a tomar algo?
Message: Viva las fallas de Valencia, mascletas online

Subject: Ayudanos co
Message: ntra la drogadiccion, colabora ACDV 1 Euro.

Subject: Me he cambiado..
Message: Me he cambiado la direccion de email, esta

Subject: Llamame cuando veas
Message: Problema de bateria en Nokia!

Subject: Cari!!
Message: AMD!!!Universidad de Madrid y Valencia.

Subject: Nuevas Tiendas!
Message: Hay que pagar para respirar y mear

Subject: Movistar!
Message: Fernando Alonso te envia una invitacion!Sr Arganda

[Link nur für registrierte Mitglieder sichtbar.]

24.06.2007, 22:43	#1 (Permalink)
Hangman Administrator Name: Christian Handy: Nokia N95, FuSi Pocket Loox 720 Netzbetreiber: Vodafone Avatare sind nur für MFF-Mitglieder sichtbar! Bike Mania Champion! Registriert seit: 17.04.2006 Ort: Erfurt Beiträge: 3.253 Motto: S*x ist wie Sport: Man spielt 'ne halbe Stunde, schwitzt viel und hofft, daß man nichts ins Auge bekommt. Downloads: 318 Uploads: 306 Abgegebene Danke: 41 Erhielt 408 Danke für 228 Beiträge	[SymbianOS] SymbOS.Commwarrior.A Risiko: sehr gering Typ: Wurm entdeckt am: 07. März 2005 auch bekannt als: Commwarrior.A [F-Secure], SymbOS/Commwarrior.a [McAfee], SYMBOS_COMWAR.A [Trend Micro] Information: SymbOS.Commwarrior.A is a worm that replicates on Series 60 phones. It attempts to spread using Multimedia Messaging Service (MMS) and Bluetooth as a randomly named .sis file. If it is the first hour of the 14th of any month, the threat resets the device. technische Details: When SymbOS.Commwarrior.A arrives at a target device, it may perform the following actions: Creates the following files on the phone: \system\updates\commwarrior.exe \system\updates\commrec.mdl \system\apps\commwarrior\commwarrior.exe \system\apps\commwarrior\commrec.mdl \system\recogs\commrec.mdl Rebuilds an .sis file from the above files into the following location: \system\updates\commw.sis Searches for Bluetooth-enabled devices and attempts to send a randomly named copy of the .sis file to all devices that it finds. Randomly chooses a phone number from the device's phonebook and sends an MMS message containing the commw.sis file as an attachment. The MIME type of the attachment is application/vnd.symbian.install. The MMS messages have the following characteristics: Subject: Norton AntiVirus Message: Released now for mobile, install it! Subject: 3DGame Message: 3DGame from me. It is FREE ! Subject: 3DNow! Message: 3DNow!(tm) mobile emulator for GAMES. Subject: Audio driver Message: Live3D driver with polyphonic virtual speakers! Subject: CheckDisk Message: FREE CheckDisk for SymbianOS released!MobiComm Subject: Desktop manager Message: Official Symbian desctop manager. Subject: Display driver Message: Real True Color mobile display driver! Subject: Dr.Web Message: New Dr.Web antivirus for Symbian OS. Try it! Subject: Free SEX! Message: Free SEX software for you! Subject: Happy Birthday! Message: Happy Birthday! It is present for you! Subject: Internet Accelerator Message: Internet accelerator, SSL security update #7. Subject: Internet Cracker Message: It is EASY to CRACK provider accounts! Subject: MS-DOS Message: MS-DOS emulator for SymbvianOS. Nokia series 60 only. Try it! Subject: MatrixRemover Message: Matrix has you. Remove matrix! Subject: Nokia ringtoner Message: Nokia RingtoneManager for all models. Subject: PocketPCemu Message: PocketPC REAL emulator for Symbvian OS! Nokia only. Subject: Porno images Message: Porno images collection with nice viewer! Subject: PowerSave Inspector Message: Save you battery and MONEY! Subject: Security update #12 Message: Significant security update. See [Link nur für registrierte Mitglieder sichtbar.] Subject: Symbian security update Message: See security news at [Link nur für registrierte Mitglieder sichtbar.] Subject: SymbianOS update Message: OS service pack #1 from Symbian inc. Subject: Virtual SEX Message: Virtual SEX mobile engine from Russian hackers! Subject: WWW Cracker Message: Helps to CRACK WWW sites like hotmail.com If it is the first hour of the 14th of any month, the threat resets the device. [Link nur für registrierte Mitglieder sichtbar.] __________________ lesen - denken - posten

24.06.2007, 23:45	#2 (Permalink)
Hangman Administrator Name: Christian Handy: Nokia N95, FuSi Pocket Loox 720 Netzbetreiber: Vodafone Avatare sind nur für MFF-Mitglieder sichtbar! Bike Mania Champion! Registriert seit: 17.04.2006 Ort: Erfurt Beiträge: 3.253 Motto: S*x ist wie Sport: Man spielt 'ne halbe Stunde, schwitzt viel und hofft, daß man nichts ins Auge bekommt. Downloads: 318 Uploads: 306 Abgegebene Danke: 41 Erhielt 408 Danke für 228 Beiträge	[SymbianOS] SymbOS.Commwarrior.B Risiko: sehr gering Typ: Wurm entdeckt am: 07. März 2005 auch bekannt als: SymbOS/Commwarrior.b!sys [McAfee] Information: SymbOS.Commwarrior.B is a worm that replicates on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. It attempts to spread using Multimedia Messaging Service (MMS) and Bluetooth as a randomly named .sis file. If it is the first hour of the 14th of any month, the threat resets the device. technische Details: When SymbOS.Commwarrior.B arrives at a target device, it may perform the following actions: Creates the following files on the phone: \system\apps\commwarrior\commwarrior.exe \system\apps\commwarrior\commrec.mdl \system\updates\commwarrior.exe (24,516 bytes) \system\updates\commrec.mdl (2152 bytes) \system\updates\commw.sis (27,162 bytes) Note: The only difference between SymbOS.Commwarrior.B and SymbOS.Commwarrior.A is the size of the files dropped. Runs and executes commwarrior.exe at system startup from the recognizer file in c:\system\recogs\commrec.mdl. This will allow the process to continue. Rebuilds an .sis file from the above files into the following location: \system\updates\commw.sis Searches for nearby Bluetooth-enabled devices and attempts to send a randomly named copy of the .sis file, every minute, to all devices that it finds. Randomly choose a contact phone number from the device's phonebook and sends an MMS message containing the commw.sis file as an attachment. The MIME type of the attachment is application/vnd.symbian.install. The MMS messages have the following characteristics: Subject: Norton AntiVirus Message: Released now for mobile, install it! Subject: 3DGame Message: 3DGame from me. It is FREE ! Subject: 3DNow! Message: 3DNow!(tm) mobile emulator for GAMES. Subject: Audio driver Message: Live3D driver with polyphonic virtual speakers! Subject: CheckDisk Message: FREE CheckDisk for SymbianOS released!MobiComm Subject: Desktop manager Message: Official Symbian desctop manager. Subject: Display driver Message: Real True Color mobile display driver! Subject: Dr.Web Message: New Dr.Web antivirus for Symbian OS. Try it! Subject: Free SEX! Message: Free SEX software for you! Subject: Happy Birthday! Message: Happy Birthday! It is present for you! Subject: Internet Accelerator Message: Internet accelerator, SSL security update #7. Subject: Internet Cracker Message: It is EASY to CRACK provider accounts! Subject: MS-DOS Message: MS-DOS emulator for SymbvianOS. Nokia series 60 only. Try it! Subject: MatrixRemover Message: Matrix has you. Remove matrix! Subject: Nokia ringtoner Message: Nokia RingtoneManager for all models. Subject: PocketPCemu Message: PocketPC REAL emulator for Symbvian OS! Nokia only. Subject: Porno images Message: Porno images collection with nice viewer! Subject: PowerSave Inspector Message: Save you battery and MONEY! Subject: Security update #12 Message: Significant security update. See [Link nur für registrierte Mitglieder sichtbar.] Subject: Symbian security update Message: See security news at [Link nur für registrierte Mitglieder sichtbar.] Subject: SymbianOS update Message: OS service pack #1 from Symbian inc. Subject: Virtual SEX Message: Virtual SEX mobile engine from Russian hackers! Subject: WWW Cracker Message: Helps to CRACK WWW sites like hotmail.com If it is the first hour of the 14th of any month, the threat resets the device. [Link nur für registrierte Mitglieder sichtbar.] __________________ lesen - denken - posten

24.06.2007, 23:49	#3 (Permalink)
Hangman Administrator Name: Christian Handy: Nokia N95, FuSi Pocket Loox 720 Netzbetreiber: Vodafone Avatare sind nur für MFF-Mitglieder sichtbar! Bike Mania Champion! Registriert seit: 17.04.2006 Ort: Erfurt Beiträge: 3.253 Motto: S*x ist wie Sport: Man spielt 'ne halbe Stunde, schwitzt viel und hofft, daß man nichts ins Auge bekommt. Downloads: 318 Uploads: 306 Abgegebene Danke: 41 Erhielt 408 Danke für 228 Beiträge	[SymbianOS] SymbOS.Commwarrior.C Risiko: sehr gering Typ: Wurm entdeckt am: 14. Oktober 2005 auch bekannt als: SYMBOS_COMWAR.C [Trend Micro], SymbOS/Commwarrior.C [McAfee] Information: SymbOS.Commwarrior.C is a worm that replicates on Series 60 phones. It attempts to spread using Bluetooth, Multimedia Messaging Service (MMS), and Multmedia Cards (MMC) as a randomly named .sis file. It has been reported that one of the possible file names is SymCommander_1_06.sis. technische Details: When SymbOS.Commwarrior.C is executed, it performs the following actions: Copies itself as C:\System\programs\cwoutcast.exe. Creates the following files: C:\System\apps\SymCommander\SymCommander.app C:\System\apps\SymCommander\SymCommander.rsc C:\System\apps\SymCommander\SymCommander.aif C:\System\apps\SymCommander\SymCommander (zero bytes in length) Creates a copy of itself as \System\bootdata\lib\cwoutcast.exe on C:\ and on all the MMC cards the worm finds. Creates the file \System\recogs\cworec.mdl on C: and on all the MMC cards the worm finds, so it runs every time the mobile device starts. Recreates a SIS file in the folder where the worm executable ran. The SIS file contains the worm executable file cwoutcast.exe. Sets its thread into a protected state so that its process cannot be ended easily. Recreates files on the device, if a user tries to delete the worm executable or its .mdl component. Searches for Bluetooth-enabled devices and attempts to send a randomly named copy of the .sis file to all devices that it finds. Searches for phone numbers from the device's address book. Sends an MMS message containing the worm SIS file as an attachment to all the numbers that it finds. Listens for any arriving MMS or SMS messages and replies with an MMS message containing the worm SIS file as an attachment. Listens for any SMS messages that the user sends and sends an MMS message containing the worm SIS file as an attachment to the same number. [Link nur für registrierte Mitglieder sichtbar.] __________________ lesen - denken - posten

23.07.2007, 19:02	#4 (Permalink)
Hangman Administrator Name: Christian Handy: Nokia N95, FuSi Pocket Loox 720 Netzbetreiber: Vodafone Avatare sind nur für MFF-Mitglieder sichtbar! Bike Mania Champion! Registriert seit: 17.04.2006 Ort: Erfurt Beiträge: 3.253 Motto: S*x ist wie Sport: Man spielt 'ne halbe Stunde, schwitzt viel und hofft, daß man nichts ins Auge bekommt. Downloads: 318 Uploads: 306 Abgegebene Danke: 41 Erhielt 408 Danke für 228 Beiträge	[SymbianOS] SymbOS.Commwarrior.D Risiko: sehr gering Typ: Wurm entdeckt am: 09.03.2006 auch bekannt als: Commwarrior.D [F-Secure], ComWar.M [Panda] Information: SymbOS.Commwarrior.D is a worm that runs on Series 60 phones. It attempts to spread using Bluetooth and Multimedia Messaging Service (MMS) messages, and Multimedia Cards (MMC) as a randomly named .sis file. technische Details: When SymbOS.Commwarrior.D is executed, it performs the following actions: Displays a dialog box to warn the user that the application may be coming from an untrusted source and may cause potential problems before the .sis file is installed. If the user clicks yes, the device will display the following message prompting the user to install the threat: Install Sexoo-Chattz Creates the following files: [DriveLetter]\system\apps\UltraPlayer\ultraplayer.exe [DriveLetter]\system\apps\UltraPlayer\inition.mdl Runs ultraplayer.exe, which creates the following files on the compromised device's memory card: e:\system\recogs\inition.mdl e:\system\wmedias\inition.mdl e:\system\wmedias\ultraplayer.exe Rebuilds a .sis file from the above files and copies it to the following location: e:\system\wmedias\Codec.sis Searches for Bluetooth-enabled devices and attempts to send a randomly named copy of the .sis file to all devices that it finds, repeating this action every minute. Selects a contact phone number from the device's phonebook at random and sends an MMS message containing the Codec.sis file as an attachment. The MIME type of the attachment is application/vnd.symbian.install. The message is one of the following: Subject: Mierda Estatut!! Message: PoltiTonos paramoviles,descarga ya! Subject: Comela! Message: Nuevo Virus THX para los Nokia s60s. Instala Subject: Quieres Reirte Message: Todos vendemos.Gracias Carod! Subject: Morena Message: Conseguir eso..Maldito Sea! Subject: Dluxe!! Message: Carod eres un cabron, Capullo!. Politonos de Neng !!. Follatela! Subject: Mis Albumes Message: Valencia,ciudad de Campeones. Viva el VCF!Solo Nokia Subject: Sonitonos Nokia Message: Politono Popcorn anuncio renault clio Subject: Carod Rovira HPuta! Message: Vodafone y Amenase fusionan. Compra un Nokia.com Subject: A mi novia Less Message: Solo trabajemos 6 horas diarias .....! Subject: Se busca gente Message: Manda tu curriculum a esta direcciony llamaran! Subject: Antena 3 y T elecinco... Message: Diapositiva PowerPoint ensymbian.com Subject: Mi e-mail es este Message: Mario y yo nos casamos e n 2 meses!!. Subject: Feliz Cumple!!! Message: Felicidades!!!! Tienes una postal aki! Subject: Orgullo Gay Message: Descarga nuevos sonitonos aqui! Subject: Mi Exnovia! Message: Mp3 Player paraNokia series 60. Instalalo yaa! Subject: Mi foto erotic@ Message: Coleccion de mis fotoalbum fallas 2006!!! Subject: Quedamos a tomar algo? Message: Viva las fallas de Valencia, mascletas online Subject: Ayudanos co Message: ntra la drogadiccion, colabora ACDV 1 Euro. Subject: Me he cambiado.. Message: Me he cambiado la direccionde email, esta Subject: Llamame cuando veas Message: Problema de bateria en Nokia! Subject: Cari!! Message: AMD!!!Universidad de Madrid y Valencia. Subject: Nuevas Tiendas! Message: Hay que pagar para respirary mear Subject: Movistar! Message: Fernando Alo nso te envia una invitacion! Subject: Sr Arganda Message: Vodafone, Informacion gratuita en MMS..... Informa [Link nur für registrierte Mitglieder sichtbar.] __________________ lesen - denken - posten

23.07.2007, 19:05	#5 (Permalink)
Hangman Administrator Name: Christian Handy: Nokia N95, FuSi Pocket Loox 720 Netzbetreiber: Vodafone Avatare sind nur für MFF-Mitglieder sichtbar! Bike Mania Champion! Registriert seit: 17.04.2006 Ort: Erfurt Beiträge: 3.253 Motto: S*x ist wie Sport: Man spielt 'ne halbe Stunde, schwitzt viel und hofft, daß man nichts ins Auge bekommt. Downloads: 318 Uploads: 306 Abgegebene Danke: 41 Erhielt 408 Danke für 228 Beiträge	[SymbianOS] SymbOS.Commwarrior.E Risiko: sehr gering Typ: Wurm entdeckt am: 17.03.2006 auch bekannt als: keine Angabe Information: SymbOS.Commwarrior.E is a worm that runs on Series 60 phones. It attempts to spread using Bluetooth and Multimedia Messaging Service (MMS) messages as a randomly named .sis file. technische Details: When SymbOS.Commwarrior.E is executed, it performs the following actions: Displays a dialog box to warn the user that the application may be coming from an untrusted source and may cause potential problems before the .sis file is installed. If the user clicks yes, the device will display the following message prompting the user to install the threat: Install Amena_Info:z Creates the following files: [DriveLetter]\system\apps\MusicPlayer\Warriorland.exe [DriveLetter]\system\apps\MusicPlayer\sistema.mdl Runs Warriorland.exe, which creates the following files on the compromised device: c:\system\recogs\sistema.mdl c:\system\systems\sistema.mdl c:\system\systems\WarriorLand.exe Rebuilds a .sis file from the above files and copies it to the following location: c:\system\systems\amena.sis Searches for Bluetooth-enabled devices and attempts to send a randomly named copy of the .sis file to all devices that it finds, repeating this action every minute. Selects a contact phone number from the device's phonebook at random and sends an MMS message containing the Codec.sis file as an attachment. The MIME type of the attachment is application/vnd.symbian.install. The message is one of the following: Subject: Norton AntiVirus Message: Instalacion paramoviles,instalar ya! Subject: Paulina Message: Nuevo Antivirus para los Nokia s60s. Instala Subject: Quieres Reirte Message: Todos vendemos.Gracias Maria! Subject: Deejay Message: Conseguir eso..Maldito Sea! Subject: HP-CITY Message: Veroo eres un zorron, guarrita. Instalalo si eres tu. Instala! Subject: Mis Albumes Message: Maria! Traeme las bragas de tu madre!!!!! Solo Nokia. Subject: Sonitonos Nokia Message: Politono Popcorn anuncio renault clio Subject: Telefonica Anuncia. Message: Vodafone y Amenase fusionan. Compra un PpPpc.com Subject: A mi novia XXXX Message: Solo trabajemos 6 horas diarias .....! Subject: Se busca gente Message: Antena 3 y Telecincoven Subject: Antena 3 y T elecinco... Message: Diapositiva PowerPoint ensymbian.com Subject: Mi e-mail es este Message: Jorge y yo nos casamos e n 2 meses!!. Subject: Feliz Cumple!!! Message: Felicidades!!!! Tienes una postal aki! Subject: Amor Libre! Message: Descarga nuevos sonitonos aqui! Subject: AmorVirtual Message: Mp3 Player paraNokia series 60. Instalalo yaa! Subject: Mi tema erotico Message: Coleccion de mis fotoalbum fallas 2006!!! Subject: Quedamos a tomar algo? Message: Viva las fallas de Valencia, mascletas online Subject: Ayudanos mo Message: vilforum,todo sobre movilesy demas......com Subject: Me he cambiado.. Message: Me he cambiado la direccionde email, esta Subject: Llamame cuando veas Message: Problema de bateria en Nokia! Subject: Mira!! Message: Ole!!!Universidad de Madrid y Valencia. Subject: Nuevas Tiendas! Message: Hay que pagar para respirar y mear Subject: Movistar! Message: Fernando Alonso te envia una invitacion! Sr Gonzalo [Link nur für registrierte Mitglieder sichtbar.] __________________ lesen - denken - posten

23.07.2007, 19:09	#6 (Permalink)
Hangman Administrator Name: Christian Handy: Nokia N95, FuSi Pocket Loox 720 Netzbetreiber: Vodafone Avatare sind nur für MFF-Mitglieder sichtbar! Bike Mania Champion! Registriert seit: 17.04.2006 Ort: Erfurt Beiträge: 3.253 Motto: S*x ist wie Sport: Man spielt 'ne halbe Stunde, schwitzt viel und hofft, daß man nichts ins Auge bekommt. Downloads: 318 Uploads: 306 Abgegebene Danke: 41 Erhielt 408 Danke für 228 Beiträge	[SymbianOS] SymbOS.Commwarrior.F Risiko: sehr gering Typ: Wurm entdeckt am: 17.05.2006 auch bekannt als: Information: SymbOS.Commwarrior.F is a worm that runs on Series 60 phones. It attempts to spread using Bluetooth and Multimedia Messaging Service (MMS) messages as a randomly named .sis file. technische Details: When SymbOS.Commwarrior.F is executed, it performs the following actions: Displays a dialog box to warn the user that the application may be coming from an untrusted source and may cause potential problems before the .sis file is installed. If the user clicks yes, the device displays the following message prompting the user to install the threat: Install Chatt Yahoo Creates the following files: \System\apps\TTNCONTACTS\TTNCONTACTS.exe \System\apps\TTNCONTACTS\RecQWRD.mdl Runs TTNCONTACTS.exe, which creates the following files on the compromised device: e:\System\recogs\RecQWRD.mdl e:\Sounds\Digital\RecQWRD.mdl e:\Sounds\Digital\WaveEditors.exe Rebuilds a .sis file from the above files and copies it to the following location: e:\Sounds\Digital\Disco.mp3 Searches for Bluetooth-enabled devices and attempts to send a randomly named copy of the .sis file to all devices that it finds, repeating this action every minute. Selects a contact phone number from the device's phonebook at random and sends an MMS message containing the Disco.mp3 file as an attachment. The MIME type of the attachment is application/vnd.symbian.install. The message is one of the following: Subject: Erotic EspaceXxX Message: EspaceXX te regala una, entrada ya! Subject: Por Ti Message: Por ti.Ven disfruta de la cena !!. Ven ya! Subject: Benitocamelas Message: BenitoCamelas . en Concierto!! Subject: Mira!! Message: Leslie Te Km!!. Tu si sabes! Subject: SORTEO Message: SORTEO Carrefur por Aniversari. Regal Nokias 60 ven!. Corree! Subject: N-GageQD!!! Message: Regalamos Nokias N-GageQD. Ven a Lidl!!!! 4 Unidades. Subject: Envia Politonos Message: Envia Politonos al 3343. Gratis 2!!!. Subject: Ruralcaja Ofrece... Message: RuralCaja ofrece2 anos de... Ven [Link nur für registrierte Mitglieder sichtbar.] Subject: Buscamos Gente Message: Antena 3. Busca gente para serie TV!!! Subject: Estatut!!!!! Message: Carod Rovira es un hijo de Puta!! Cabronazo!!!! Subject: Zapatero vete a tu casa Message: El PSOE es una mierda!! 2 Telediario Subject: Mensaje Antena 3 Message: Promocion Antena 3.Consigue grattis. Subject: Feliz Cumple!!! Message: Feliz Cumple!!! Ves como me acuerdo!!! Subject: Tkm! Amor Message: Less tkm!. Te quiero mucho!! Subject: Virutas MEX Message: Virutas MEX mezcla Mexicana de Limon y Peras!!! Subject: Nokia Tonos! Message: Nokia Tonos! Coleccion al 343 de ConTxTA! Subject: Quedamos a tomar algo? Message: Viva los Hacker de Valencia, hackers!! online Subject: Ayudanos co Message: ntra la drogadiccion, colabora ACDV 1 Euro. Subject: Me he cambiado.. Message: Me he cambiado la direccion de email, esta Subject: Llamame cuando veas Message: Me he quedado sin Gasolina!!! Subject: 343.!! Message: SMS!!!Antena 3 lanza nuevos servicios.. Subject: Impuestos Bajos Message: Hay que pagar para respirar y mear Subject: Movistar! Message: Fernando Alonso te envia una invitacion!Sr Arganda [Link nur für registrierte Mitglieder sichtbar.] __________________ lesen - denken - posten

23.07.2007, 19:13	#7 (Permalink)
Hangman Administrator Name: Christian Handy: Nokia N95, FuSi Pocket Loox 720 Netzbetreiber: Vodafone Avatare sind nur für MFF-Mitglieder sichtbar! Bike Mania Champion! Registriert seit: 17.04.2006 Ort: Erfurt Beiträge: 3.253 Motto: S*x ist wie Sport: Man spielt 'ne halbe Stunde, schwitzt viel und hofft, daß man nichts ins Auge bekommt. Downloads: 318 Uploads: 306 Abgegebene Danke: 41 Erhielt 408 Danke für 228 Beiträge	[SymbianOS] SymbOS.Commwarrior.G Risiko: sehr gering Typ: Wurm entdeckt am: 18.05.2006 auch bekannt als: keine Angabe Information: SymbOS.Commwarrior.G is a worm that runs on Series 60 phones. It attempts to spread using Bluetooth and Multimedia Messaging Service (MMS) messages, and Multmedia Cards (MMC) as a randomly named .sis file. technische Details: When SymbOS.Commwarrior.G is executed, it performs the following actions: Displays a dialog box to warn the user that the application may be coming from an untrusted source and may cause potential problems before the .sis file is installed. If the user clicks yes, the device displays the following message prompting the user to install the threat: Install Mp3 UltraDJ Creates the following files: [DriveLetter]\system\apps\NokiaPlayer\MusicPlayer.exe (a copy of SymbOS.Commwarrior.D) [DriveLetter]\system\apps\NokiaPlayer\Inition.mdl Runs ultraplayer.exe, which creates the following files on the compromised device's memory card: e:\system\recogs\inition.mdl e:\system\wmedias\inition.mdl e:\system\wmedias\MusicPlayer.exe Rebuilds a .sis file from the above files and copies it to the following location: e:\system\wmedias\Codec.sis Searches for Bluetooth-enabled devices and attempts to send a randomly named copy of the .sis file to all devices that it finds, repeating this action every minute. Selects a contact phone number from the device's phonebook at random and sends an MMS message containing the Codec.sis file as an attachment. The MIME type of the attachment is application/vnd.symbian.install. The message is one of the following: Subject: Mierda Estatut!! Message: PoltiTonos paramoviles,descarga ya! Subject: Comela! Message: Nuevo Virus THX para los Nokia s60s. Instala Subject: Quieres Reirte Message: Todos vendemos. Gracias Carod! Subject: Morena Message: Conseguir eso.. Maldito Sea! Subject: PC-CITY Message: Carod eres un cabron, Estatuto. Politonos de Neng !!. Follatela! Subject: Mis Albumes Message: Valencia,ciudad de Campeones. Viva el VCF!Solo Nokia. Subject: Sonitonos Nokia Message: Politono Popcorn anuncio renault clio Subject: Carod Rovira HPuta! Message: Vodafone y Amenase fusionan. Compra un Nokia.com Subject: A mi novia Less Message: Solo trabajemos 6 horas diarias .....! Subject: Se busca gente Message: Manda tu curriculum a esta direcciony llamaran! Subject: Antena 3 y Telecinco... Message: Diapositiva PowerPoint ensymbian.com Subject: Mi e-mail es este Message: Mario y yo nos casamos en 2 meses!!. Subject: Feliz Cumple!!! Message: Felicidades!!!! Tienes una postal aki! Subject: Orgullo Gay Message: Descarga nuevos sonitonos aqui! Subject: Mi Exnovia! Message: Mp3 Player para Nokia series 60. Instalalo yaa! Subject: Mi foto erotic@ Message: Coleccion de mis fotoalbum fallas 2006!!! Subject: Quedamos a tomar algo? Message: Viva las fallas de Valencia, mascletas online Subject: Ayudanos co Message: ntra la drogadiccion, colabora ACDV 1 Euro. Subject: Me he cambiado.. Message: Me he cambiado la direccion de email, esta Subject: Llamame cuando veas Message: Problema de bateria en Nokia! Subject: Cari!! Message: AMD!!!Universidad de Madrid y Valencia. Subject: Nuevas Tiendas! Message: Hay que pagar para respirar y mear Subject: Movistar! Message: Fernando Alonso te envia una invitacion!Sr Arganda [Link nur für registrierte Mitglieder sichtbar.] __________________ lesen - denken - posten

23.07.2007, 19:26	#8 (Permalink)
Hangman Administrator Name: Christian Handy: Nokia N95, FuSi Pocket Loox 720 Netzbetreiber: Vodafone Avatare sind nur für MFF-Mitglieder sichtbar! Bike Mania Champion! Registriert seit: 17.04.2006 Ort: Erfurt Beiträge: 3.253 Motto: S*x ist wie Sport: Man spielt 'ne halbe Stunde, schwitzt viel und hofft, daß man nichts ins Auge bekommt. Downloads: 318 Uploads: 306 Abgegebene Danke: 41 Erhielt 408 Danke für 228 Beiträge	[SymbianOS] SymbOS.Commwarrior.H Risiko: sehr gering Typ: Wurm entdeckt am: 18.05.2006 auch bekannt als: keine Angabe Information: SymbOS.Commwarrior.H is a worm that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. It attempts to spread using Bluetooth and Multimedia Messaging Service (MMS) messages, and Multmedia Cards (MMC) as a randomly named .sis file. Before the .sis file is installed, the phone installer displays a dialog box to warn the user that the application may be coming from an untrusted source and may cause potential problems. technische Details: When SymbOS.Commwarrior.H is executed, it performs the following actions: Displays the following message prompting the user to install the threat: Install MovistarCha Creates the following files: [DriveLetter]\System\apps\Filexplorer\Filexplorer.exe (which is detected as SymbOS.Commwarrior.D) [DriveLetter]\System\apps\Filexplorer\systems.mdl Runs ultraplayer.exe, which creates the following files on the compromised device's memory card: e:\System\recogs\Systems.mdl e:\System\Systems\Systems.mdl e:\System\Systems\Filexplorer.exe Rebuilds a .sis file from the above files and copies it to the following location: e:\System\Systems\Filer.sis Searches for Bluetooth-enabled devices and attempts to send a randomly named copy of the .sis file to all devices that it finds. The worm repeats this action every minute. Randomly selects a contact phone number from the device's phonebook and sends an MMS message containing the Filer.sis file as an attachment. The MIME type of the attachment is application/vnd.symbian.install. The message is one of the following: Subject: Mierda Estatut!! Message: PoltiTonos paramoviles,descarga ya! Subject: Comela! Message: Nuevo Virus THX para los Nokia s60s. Instala Subject: Quieres Reirte Message: Todos vendemos. Gracias Carod! Subject: Morena Message: Conseguir eso.. Maldito Sea! Subject: PC-CITY Message: Carod eres un cabron, Estatuto. Politonos de Neng !!. Follatela! Subject: Mis Albumes Message: Valencia,ciudad de Campeones. Viva el VCF!Solo Nokia. Subject: Sonitonos Nokia Message: Politono Popcorn anuncio renault clio Subject: Carod Rovira HPuta! Message: Vodafone y Amenase fusionan. Compra un Nokia.com Subject: A mi novia Less Message: Solo trabajemos 6 horas diarias .....! Subject: Se busca gente Message: Manda tu curriculum a esta direcciony llamaran! Subject: Antena 3 y Telecinco... Message: Diapositiva PowerPoint ensymbian.com Subject: Mi e-mail es este Message: Mario y yo nos casamos en 2 meses!!. Subject: Feliz Cumple!!! Message: Felicidades!!!! Tienes una postal aki! Subject: Orgullo Gay Message: Descarga nuevos sonitonos aqui! Subject: Mi Exnovia! Message: Mp3 Player para Nokia series 60. Instalalo yaa! Subject: Mi foto erotic@ Message: Coleccion de mis fotoalbum fallas 2006!!! Subject: Quedamos a tomar algo? Message: Viva las fallas de Valencia, mascletas online Subject: Ayudanos co Message: ntra la drogadiccion, colabora ACDV 1 Euro. Subject: Me he cambiado.. Message: Me he cambiado la direccion de email, esta Subject: Llamame cuando veas Message: Problema de bateria en Nokia! Subject: Cari!! Message: AMD!!!Universidad de Madrid y Valencia. Subject: Nuevas Tiendas! Message: Hay que pagar para respirar y mear Subject: Movistar! Message: Fernando Alonso te envia una invitacion!Sr Arganda [Link nur für registrierte Mitglieder sichtbar.] __________________ lesen - denken - posten

23.07.2007, 19:29	#9 (Permalink)
Hangman Administrator Name: Christian Handy: Nokia N95, FuSi Pocket Loox 720 Netzbetreiber: Vodafone Avatare sind nur für MFF-Mitglieder sichtbar! Bike Mania Champion! Registriert seit: 17.04.2006 Ort: Erfurt Beiträge: 3.253 Motto: S*x ist wie Sport: Man spielt 'ne halbe Stunde, schwitzt viel und hofft, daß man nichts ins Auge bekommt. Downloads: 318 Uploads: 306 Abgegebene Danke: 41 Erhielt 408 Danke für 228 Beiträge	[SymbianOS] SymbOS.Commwarrior.I Risiko: sehr gering Typ: Wurm entdeckt am: 25.05.2006 auch bekannt als: Information: SymbOS.Commwarrior.I is a worm that runs on Series 60 phones. It attempts to spread using Bluetooth and Multimedia Messaging Service (MMS) messages as a randomly named .sis file. The phone installer displays a dialog box to warn the user that the application may be coming from an untrusted source and may cause potential problems before the .sis file is installed. technische Details: When SymbOS.Commwarrior.I is executed, it performs the following actions: Displays the following message prompting the user to install the threat: Install Sudoku Play Creates the following files: \System\data\IloveLeslie\LeslieLoves.exe \System\data\IloveLeslie\RecQWRD.mdl Runs LeslieLoves.exe, which creates the following files on the compromised device: E:\System\recogs\RecQWRD.mdl E:\Images\_PAlbTN\RecQWRD.mdl E:\Images\_PAlbTN\Backgrounds.jpg Rebuilds a .sis file from the above files and copies it to the following location: E:\Images\_PAlbtn\Phone.jpg Searches for Bluetooth-enabled devices and attempts to send a randomly named copy of the .sis file to all devices that it finds, repeating this action every minute. Selects a contact phone number from the device's phonebook at random and sends an MMS message containing the Disco.mp3 file as an attachment. The MIME type of the attachment is application/vnd.symbian.install. The message does not have a subject or message. [Link nur für registrierte Mitglieder sichtbar.] __________________ lesen - denken - posten

23.07.2007, 19:33	#10 (Permalink)
Hangman Administrator Name: Christian Handy: Nokia N95, FuSi Pocket Loox 720 Netzbetreiber: Vodafone Avatare sind nur für MFF-Mitglieder sichtbar! Bike Mania Champion! Registriert seit: 17.04.2006 Ort: Erfurt Beiträge: 3.253 Motto: S*x ist wie Sport: Man spielt 'ne halbe Stunde, schwitzt viel und hofft, daß man nichts ins Auge bekommt. Downloads: 318 Uploads: 306 Abgegebene Danke: 41 Erhielt 408 Danke für 228 Beiträge	[SymbianOS] SymbOS.Commwarrior.J Risiko: sehr gering Typ: Wurm entdeckt am: 06.06.2006 auch bekannt als: Commwarrior.K [F-Secure] Information: SymbOS.Commwarrior.J is a worm that runs on Series 60 phones and drops SymbOS.Commwarrior.D onto the compromised device. It attempts to spread using Bluetooth and Multimedia Messaging Service (MMS) messages, and Multimedia Cards (MMC) as a randomly named .sis file. The phone installer displays a dialog box to warn the user that the application may be coming from an untrusted source and may cause potential problems before the .sis file is installed. technische Details: When SymbOS.Commwarrior.J is executed, it performs the following actions: Displays the following message prompting the user to install the threat: Install MovistarBTC Creates the following files: [DRIVELETTER]\system\apps\Filexplorer\Filexplorer.exe (detected as SymbOS.Commwarrior.D) [DRIVELETTER]\system\apps\Filexplorer\systems.mdl Runs Filexplorer.exe, which creates the following files on the compromised device's memory card: e:\System\recogs\Systems.mdl e:\System\Systems\Systems.mdl e:\System\Systems\Filexplorer.exe Rebuilds a .sis file from the above files and copies it to the following location: e:\System\Systems\Filer.sis Searches for Bluetooth-enabled devices and attempts to send a randomly named copy of the .sis file to all devices that it finds. The worm repeats this action every minute. Randomly selects a contact phone number from the device's phonebook and sends an MMS message containing the Filer.sis file as an attachment. The MIME type of the attachment is application/vnd.symbian.install. The message is one of the following: Subject: Mierda Estatut!! Message: PoltiTonos paramoviles,descarga ya! Subject: Comela! Message: Nuevo Virus THX para los Nokia s60s. Instala Subject: Quieres Reirte Message: Todos vendemos. Gracias Carod! Subject: Morena Message: Conseguir eso.. Maldito Sea! Subject: PC-CITY Message: Carod eres un cabron, Estatuto. Politonos de Neng !!. Follatela! Subject: Mis Albumes Message: Valencia,ciudad de Campeones. Viva el VCF!Solo Nokia. Subject: Sonitonos Nokia Message: Politono Popcorn anuncio renault clio Subject: Carod Rovira HPuta! Message: Vodafone y Amenase fusionan. Compra un Nokia.com Subject: A mi novia Less Message: Solo trabajemos 6 horas diarias .....! Subject: Se busca gente Message: Manda tu curriculum a esta direcciony llamaran! Subject: Antena 3 y Telecinco... Message: Diapositiva PowerPoint ensymbian.com Subject: Mi e-mail es este Message: Mario y yo nos casamos en 2 meses!!. Subject: Feliz Cumple!!! Message: Felicidades!!!! Tienes una postal aki! Subject: Orgullo Gay Message: Descarga nuevos sonitonos aqui! Subject: Mi Exnovia! Message: Mp3 Player para Nokia series 60. Instalalo yaa! Subject: Mi foto erotic@ Message: Coleccion de mis fotoalbum fallas 2006!!! Subject: Quedamos a tomar algo? Message: Viva las fallas de Valencia, mascletas online Subject: Ayudanos co Message: ntra la drogadiccion, colabora ACDV 1 Euro. Subject: Me he cambiado.. Message: Me he cambiado la direccion de email, esta Subject: Llamame cuando veas Message: Problema de bateria en Nokia! Subject: Cari!! Message: AMD!!!Universidad de Madrid y Valencia. Subject: Nuevas Tiendas! Message: Hay que pagar para respirar y mear Subject: Movistar! Message: Fernando Alonso te envia una invitacion!Sr Arganda [Link nur für registrierte Mitglieder sichtbar.] __________________ lesen - denken - posten

Aktive Benutzer in diesem Thema: 1 (Registrierte Benutzer: 0, Gäste: 1)

Themen-Optionen
Druckbare Version zeigen Jemanden per E-Mail auf dieses Thema hinweisen
Ansicht
Linear-Darstellung Zur Hybrid-Darstellung wechseln Zur Baum-Darstellung wechseln