#11
Administrator
Name: Christian
Phone: Nokia N95, FuSi Pocket Loox 720
Carrier: Vodafone
Registered since: 17.04.2006
Location: Erfurt
Posts: 3,236
Motto: S*x is like sport: you play for half an hour, sweat a lot and hope you don't get anything in your eye.
Downloads: 309
Uploads: 305
Thanks given: 40
Received 399 thanks for 221 posts
Risk: very low
Type: Trojan horse
Discovered on: 14.12.2005
Also known as: SYMBOS_CARDTRP.F [Trend Micro]

Information: SymbOS.Cardtrp.M is a Trojan horse that runs on the Symbian operating system, which is used as the operating system for Nokia Series 60 cellular telephones. It disables some applications installed on the device and drops threats onto the device's memory card, which can compromise computers running Windows. The Trojan reportedly arrives as AZAHARI_TERORIST_PHOTO.sis. When the user clicks on the .sis file, the phone installer will display a dialog to warn users that the application may be coming from an untrusted source and may cause potential problems.

Technical details: When SymbOS.Cardtrp.M is executed, it performs the following actions:

Displays the following message prompting the user to install the .sis file:
Install Image Compressor v1.03
Note: This message is displayed by the device installer, not by the threat itself.

Displays the following message during installation:
To See this pictures you have to install it software first,please click OK to continue...

Drops the following files to disable various applications on the compromised device:
C:\Disinfector
C:\system\apps\Anti-Virus\admin.pub
C:\system\apps\AntiVirus\AVServer.exe
C:\system\apps\AntiVirus\AntiVirus.app
C:\system\apps\AppMngr\AppMngr.app
C:\system\apps\Browser\Browser.app
C:\system\apps\Disinfect\Disinfect.app
C:\system\apps\Disinfector\Disinfector.rsc
C:\system\apps\Disinfector\last.vdb
C:\system\apps\Disinfector\mdkernel32.exe
C:\system\apps\EVS\EVS.aif
C:\system\apps\FCommwarrior\FCommwarrior.app
C:\system\apps\FileManager\FileManager.app
C:\system\apps\KLAntivirus\Engine.exe
C:\system\apps\KLAntivirus\KLAntivirus.app
C:\system\apps\MAV\MAV.app
C:\system\apps\MCE\MCE.app
C:\system\apps\MMCApp\MMCApp.app
C:\system\apps\MediaGallery\MediaGallery.app
C:\system\apps\MobileSecurityAu\MobileSecurityAu.app
C:\system\apps\mobilesecurity\MobileSecurity.app
C:\system\apps\PhoneBook\PhoneBook.app
C:\system\apps\RealPlayer\RealPlayer.app
C:\system\apps\virusguard\VirusGuard.aif
C:\system\recogs\mdrec32.mdl

Drops the following files to the mobile device's memory card:
E:\autorun.inf
E:\f-secure.ico
E:\F-Secure utility Help.lnk (which is a shortcut linking to F:\nokia\B_S.bat)
E:\F-secure Utility.lnk (which is a shortcut linking to F:\system\F-Secure.bat)
E:\Games.exe (which is detected as Trojan.Horse)
E:\nokia\'.exe (which is detected as Trojan.Oxtic)
E:\nokia\B_S.bat (which is a batch file running Trojan.Oxtic and W32.Rontokbro@mm)
E:\nokia\TSG.exe (which is detected as W32.Rontokbro@mm)
E:\system.exe (which is detected as W32.Rontokbro@mm)
E:\system\apps.exe (which is detected as W32.Rontokbro@mm)
E:\system\apps\Disinfect\Disinfect.rsc
E:\system\apps\EVS\exovirusstop.mbm
E:\system\apps\FCommwarrior\FCommwarrior.rsc
E:\system\apps\FExplorer\FExplorer.App
E:\system\apps\File\File.App
E:\system\apps\MAV\MAV.mbm
E:\system\apps\opera\blank.gif
E:\system\apps\opera\comment.htt (which is detected as JS.Exception.Exploit)
E:\system\apps\opera\community.gif
E:\system\apps\opera\community_on.gif
E:\system\apps\opera\connect.gif
E:\system\apps\opera\connect_on.gif
E:\system\apps\opera\drive.gif
E:\system\apps\opera\file.gif
E:\system\apps\opera\folder.gif
E:\system\apps\opera\Folder 2.htt (which is detected as VBS.Soraci)
E:\system\apps\opera\google 2.GIF
E:\system\apps\opera\help.gif
E:\system\apps\opera\help60.css
E:\system\apps\opera\help_on.gif
E:\system\apps\opera\HELP\Patch for Security reason.html
E:\system\apps\opera\HELP\bul.html
E:\system\apps\opera\HELP\connect.html
E:\system\apps\opera\HELP\f-secure.html
E:\system\apps\opera\HELP\home.html
E:\system\apps\opera\HELP\index.html
E:\system\apps\opera\HELP\keypad.html
E:\system\apps\opera\HELP\menus.html
E:\system\apps\opera\HELP\opera\542526.GIF
E:\system\apps\opera\HELP\opera\F-secure Antivirus.sis (which is detected as SymbOS.Doomboot.R)
E:\system\apps\opera\HELP\opera\Norton Antivirus symbian V1.0.SIS (which is detected as SymbOS.Cabir.W)
E:\system\apps\opera\HELP\opera\Opera Antispyware.sis (which is detected as SymbOS.Cardtrp.M)
E:\system\apps\opera\HELP\opera\blank2.jpg
E:\system\apps\opera\HELP\opera\o.gif
E:\system\apps\opera\HELP\opera\p_t.gif
E:\system\apps\opera\HELP\opera\p_t_002.gif
E:\system\apps\opera\HELP\settings.html
E:\system\apps\opera\HELP\standards.html
E:\system\apps\opera\HELP\start.html
E:\system\apps\opera\HELP\troubleshoot.html
E:\system\apps\opera\home.css
E:\system\apps\opera\home.png
E:\system\apps\opera\input.ini
E:\system\apps\opera\keypad.gif
E:\system\apps\opera\keypad_on.gif
E:\system\apps\opera\link.gif
E:\system\apps\opera\portal.gif
E:\system\apps\opera\portal_on.gif
E:\system\apps\opera\start.gif
E:\system\apps\opera\start_on.gif
E:\system\apps\opera\Stop.GIF
E:\system\apps\opera\wml.css
E:\system\apps\SystemExplorer\SystemExplorer.App
E:\system\apps\virusguard\VirusGuard.mbm
E:\system\F-Secure.bat, which is detected as Trojan Horse
E:\system\MISS_u, which is detected as Trojan Horse
E:\system\recogs\FSkulls.mdl
E:\system\recogs\Flocknut.mdl
E:\videos\Bali Bomb Movie.rm.exe, which is detected as Trojan Horse

Note: The dropped corrupted system components may prevent the compromised device from restarting. None of the files dropped by the threat originate from F-Secure, including the files that have F-Secure icons. The dropped .html files are a modified version of Opera. This is an attempt to make the user install the malicious .sis files.

Creates an autorun file on the E drive, which tries to run games.exe if the memory card is inserted into a Windows computer.

Uses the same icon for the dropped W32.Rontokbro@mm files as the icon used for the System folder on the memory card. When browsing the memory card on a Windows computer, the worm can be executed if a user attempts to view this folder by clicking on the icon.

Displays the following message when installing the dropped file Opera Antispyware.sis:
Opera Antispyware beta v1 please go to opera.com for more information

Drops the following files when Opera Antispyware.sis is executed:
E:\system\apps\opera\help\bali.html
E:\system\apps\opera\help\home.html
E:\system\apps\opera\help\opera\Black_symbian.jpg
E:\system\apps\opera\help\opera\bali.jpg
E:\system\apps\opera\help\opera\bali 3.jpg
E:\system\apps\opera\help\opera\bali 2.jpg
E:\Opera anti spyware system\opera.txt (which is detected as Adware.Istbar)
E:\Opera anti spyware system\opera antispyware.bat (which is a batch file to run Adware.Istbar)

Creates the following file:
\system\install\AZAHARI_TERORIST_PHOTO.sis
NOTE: This file is actually created by the Installer, not the threat.
__________________
read - think - post
#12
Administrator (Christian)
Risk: very low
Type: Trojan horse
Discovered on: 14.12.2005
Also known as: not specified

Information: SymbOS.Cardtrp.N, a minor variant of SymbOS.Cardtrp.M, is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. It disables some applications installed on the device and drops several threats onto the device's memory card, which can compromise computers running Windows. SymbOS.Cardtrp.N reportedly arrives as Patch__opera_8_+_Google.sis.

Technical details: When SymbOS.Cardtrp.N is executed, it performs the following actions:

Copies itself as the following file:
Patch__opera_8_+_Google.sis
Note: If a user opens this file, the device Installer will display a dialog to warn the user that the application may be coming from an untrusted source and may cause potential problems.

Displays the following message prompting the user to install the .sis file:
Install Patch opera 8 + Google

Displays the following message during installation:
Internet patch for Symbian Opera V8 Browser featuring Google Search Engine & Opera Guard.Opera Guard is also bundle with Antivirus free Download,for more information please go to opera.com\opera8symbian\OperaGuard

Drops the following files to disable various applications on the compromised device:
C:\Disinfector
C:\system\apps\Anti-Virus\admin.pub
C:\system\apps\AntiVirus\AVServer.exe
C:\system\apps\AntiVirus\AntiVirus.app
C:\system\apps\AppMngr\AppMngr.app
C:\system\apps\Browser\Browser.app
C:\system\apps\Disinfect\Disinfect.app
C:\system\apps\Disinfector\Disinfector.rsc
C:\system\apps\Disinfector\last.vdb
C:\system\apps\Disinfector\mdkernel32.exe
C:\system\apps\EVS\EVS.aif
C:\system\apps\FCommwarrior\FCommwarrior.app
C:\system\apps\FileManager\FileManager.app
C:\system\apps\KLAntivirus\Engine.exe
C:\system\apps\KLAntivirus\KLAntivirus.app
C:\system\apps\MAV\MAV.app
C:\system\apps\MCE\MCE.app
C:\system\apps\MMCApp\MMCApp.app
C:\system\apps\MediaGallery\MediaGallery.app
C:\system\apps\MobileSecurityAu\MobileSecurityAu.app
C:\system\apps\mobilesecurity\MobileSecurity.app
C:\system\apps\PhoneBook\PhoneBook.app
C:\system\apps\RealPlayer\RealPlayer.app
C:\system\apps\virusguard\VirusGuard.aif
C:\system\recogs\mdrec32.mdl

Drops the following files to the compromised device's memory card:
E:\autorun.inf
E:\f-secure.ico
E:\F-Secure utility Help.lnk, which is a shortcut linking to F:\nokia\B_S.bat
E:\F-secure Utility.lnk, which is a shortcut linking to F:\system\F-Secure.bat
E:\Games.exe, which is a Trojan Horse
E:\nokia\'.exe, which is Trojan.Oxtic
E:\nokia\B_S.bat, which is a batch file running Trojan.Oxtic and W32.Rontokbro@mm
E:\nokia\TSG.exe, which is W32.Rontokbro@mm
E:\system.exe, which is W32.Rontokbro@mm
E:\system\apps.exe, which is W32.Rontokbro@mm
E:\system\apps\Disinfect\Disinfect.rsc
E:\system\apps\EVS\exovirusstop.mbm
E:\system\apps\FCommwarrior\FCommwarrior.rsc
E:\system\apps\FExplorer\FExplorer.App
E:\system\apps\File\File.App
E:\system\apps\MAV\MAV.mbm
E:\system\apps\opera\blank.gif
E:\system\apps\opera\comment.htt, which is a JS.Exception.Exploit
E:\system\apps\opera\community.gif
E:\system\apps\opera\community_on.gif
E:\system\apps\opera\connect.gif
E:\system\apps\opera\connect_on.gif
E:\system\apps\opera\drive.gif
E:\system\apps\opera\file.gif
E:\system\apps\opera\folder.gif
E:\system\apps\opera\Folder 2.htt, which is VBS.Soraci
E:\system\apps\opera\google 2.GIF
E:\system\apps\opera\help.gif
E:\system\apps\opera\help60.css
E:\system\apps\opera\help_on.gif
E:\system\apps\opera\HELP\Patch for Security reason.html
E:\system\apps\opera\HELP\bul.html
E:\system\apps\opera\HELP\connect.html
E:\system\apps\opera\HELP\f-secure.html
E:\system\apps\opera\HELP\home.html
E:\system\apps\opera\HELP\index.html
E:\system\apps\opera\HELP\keypad.html
E:\system\apps\opera\HELP\menus.html
E:\system\apps\opera\HELP\opera\542526.GIF
E:\system\apps\opera\HELP\opera\F-secure Antivirus.sis, which is SymbOS.Doomboot.R
E:\system\apps\opera\HELP\opera\Norton Antivirus symbian V1.0.SIS, which is SymbOS.Cabir.W
E:\system\apps\opera\HELP\opera\Opera Antispyware.sis, which is SymbOS.Cardtrp.M
E:\system\apps\opera\HELP\opera\blank2.jpg
E:\system\apps\opera\HELP\opera\o.gif
E:\system\apps\opera\HELP\opera\p_t.gif
E:\system\apps\opera\HELP\opera\p_t_002.gif
E:\system\apps\opera\HELP\settings.html
E:\system\apps\opera\HELP\standards.html
E:\system\apps\opera\HELP\start.html
E:\system\apps\opera\HELP\troubleshoot.html
E:\system\apps\opera\home.css
E:\system\apps\opera\home.png
E:\system\apps\opera\input.ini
E:\system\apps\opera\keypad.gif
E:\system\apps\opera\keypad_on.gif
E:\system\apps\opera\link.gif
E:\system\apps\opera\portal.gif
E:\system\apps\opera\portal_on.gif
E:\system\apps\opera\start.gif
E:\system\apps\opera\start_on.gif
E:\system\apps\opera\Stop.GIF
E:\system\apps\opera\wml.css
E:\system\apps\SystemExplorer\SystemExplorer.App
E:\system\apps\virusguard\VirusGuard.mbm
E:\system\F-Secure.bat, which is a Trojan Horse
E:\system\MISS_u, which is a Trojan Horse
E:\system\recogs\FSkulls.mdl
E:\system\recogs\Flocknut.mdl
E:\videos\Bali Bomb Movie.rm.exe, which is a Trojan Horse

Note: The dropped corrupted system components may prevent the compromised device from restarting. It is important to note that none of the dropped files are from F-Secure, even though some files dropped to the memory card are displayed with F-Secure icons. The dropped HTML files are a modified version of Opera, which attempt to fool the user into installing the dropped Symbian malware SIS files.

Creates an autorun file on the E drive, which tries to run games.exe if the memory card is inserted into a Windows computer. The file games.exe is a Trojan horse.

Uses the same image of the icon for the dropped W32.Rontokbro@mm files as the icon for the System folder on the memory card. When browsing the memory card on a Windows computer, the worm can be executed if a user attempts to view this folder by clicking on the icon.

The following file is created:
\system\install\Patch__opera_8_+_Google.sis
Note: This file is actually created by the Installer, not the threat.
__________________
read - think - post
#13
Administrator (Christian)
Risk: very low
Type: Trojan horse
Discovered on: 15.12.2005
Also known as: not specified

Information: SymbOS.Cardtrp.O is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. It disables some applications installed on the device and drops threats onto the device's memory card, which can compromise computers running Windows. The Trojan reportedly arrives as .\PARIS_HILTON__NEW_IN_CAR.RMRM. The Trojan reportedly arrives as a .sis file. When the user clicks on the .RM file, the phone installer will display a dialog to warn users that the application may be coming from an untrusted source and may cause potential problems.

Technical details: When Symbos.Cardtrp.O is executed, it performs the following actions:

Displays the following message:
Install VIDEO COMPRESSOR V1.0
Note: If a user opens this file, the device Installer will display a dialog to warn the user that the application may be coming from an untrusted source and may cause potential problems.

Displays the following message prompting the user to install the .sis file:
TO PLAY THIS VIDEOS YOU HAVE TO INSTALL IT AND COMPRESSING THE VIDEO FIRST,PLEASE OK TO CONTINUE..

Drops the following files to disable various applications on the compromised device:
C:\system\recogs\mdrec32.mdl
C:\system\apps\MMCApp\MMCApp.app
C:\system\apps\MediaGallery\MediaGallery.app
C:\system\apps\MCE\MCE.app
C:\system\apps\Browser\Browser.app
C:\system\apps\EVS\EVS.aif
C:\system\apps\MAV\MAV.app
C:\system\apps\virusguard\VirusGuard.aif
C:\system\apps\RealPlayer\RealPlayer.app
C:\system\apps\PhoneBook\PhoneBook.app
C:\system\apps\Anti-Virus\admin.pub
C:\system\apps\AntiVirus\AntiVirus.app
C:\system\apps\Disinfect\Disinfect.app
C:\system\apps\Disinfector\mdkernel32.exe
C:\system\apps\Disinfector\last.vdb
C:\system\apps\Disinfector\Disinfector.rsc
C:\system\apps\FCommwarrior\FCommwarrior.app
C:\system\apps\KLAntivirus\KLAntivirus.app
C:\system\apps\KLAntivirus\Engine.exe
C:\system\apps\mobilesecurity\MobileSecurity.app
C:\system\apps\MobileSecurityAu\MobileSecurityAu.app
C:\system\apps\AppMngr\AppMngr.app
C:\Disinfector

Drops the following files to the mobile device's memory card:
E:\autorun.inf
E:\f-secure.ico
E:\system\MISS_u
E:\system\F-Secure.bat (Detected as BAT.Silly.B.gen)
E:\system\recogs\FSkulls.mdl
E:\system\recogs\Flocknut.mdl
E:\system\apps\File\File.App
E:\system\apps\FileManager\FileManager.app
E:\system\apps\FExplorer\FExplorer.App
E:\system\apps\SystemExplorer\SystemExplorer.App
E:\system\apps\EVS\exovirusstop.mbm
E:\system\apps\MAV\MAV.mbm
E:\system\apps\virusguard\VirusGuard.mbm
E:\system\apps\AntiVirus\AVServer.exe
E:\system\apps\Disinfect\Disinfect.rsc
E:\system\apps\FCommwarrior\FCommwarrior.rsc
E:\system\apps\opera\comment.htt (Detected as JS.Exception.Exploit)
E:\system\apps\opera\Folder 2.htt (Detected as VBS.Soraci)
E:\system\apps\opera\HELP\bul.html
E:\system\apps\opera\HELP\f-secure.html
E:\system\apps\opera\HELP\opera\F-secure Antivirus.sis (Detected as SymbOS.Doomboot.R)
E:\system\apps\opera\HELP\opera\o.gif
E:\system\apps\opera\HELP\opera\p_t_002.gif
E:\system\apps\opera\HELP\opera\p_t.gif
E:\system\apps\opera\HELP\opera\blank2.jpg
E:\system\apps\opera\HELP\opera\542526.GIF
E:\system\apps\opera\HELP\opera\Norton Antivirus symbian V1.0.SIS (Detected as SymbOS.Cabir.W)
E:\system\apps\opera\HELP\opera\Opera Antispyware.sis (Detected as SymbOS.Cardtrp.M)
E:\system\apps\opera\HELP\troubleshoot.html
E:\system\apps\opera\HELP\start.html
E:\system\apps\opera\HELP\standards.html
E:\system\apps\opera\HELP\settings.html
E:\system\apps\opera\HELP\Patch for Security reason.html
E:\system\apps\opera\HELP\menus.html
E:\system\apps\opera\HELP\keypad.html
E:\system\apps\opera\HELP\index.html
E:\system\apps\opera\HELP\home.html
E:\system\apps\opera\HELP\connect.html
E:\system\apps\opera\wml.css
E:\system\apps\opera\Stop.GIF
E:\system\apps\opera\start_on.gif
E:\system\apps\opera\start.gif
E:\system\apps\opera\portal_on.gif
E:\system\apps\opera\portal.gif
E:\system\apps\opera\link.gif
E:\system\apps\opera\keypad_on.gif
E:\system\apps\opera\keypad.gif
E:\system\apps\opera\input.ini
E:\system\apps\opera\home.png
E:\system\apps\opera\home.css
E:\system\apps\opera\help_on.gif
E:\system\apps\opera\help60.css
E:\system\apps\opera\help.gif
E:\system\apps\opera\google 2.GIF
E:\system\apps\opera\folder.gif
E:\system\apps\opera\file.gif
E:\system\apps\opera\drive.gif
E:\system\apps\opera\connect_on.gif
E:\system\apps\opera\connect.gif
E:\system\apps\opera\community_on.gif
E:\system\apps\opera\community.gif
E:\system\apps\opera\blank.gif
E:\system\apps.exe (detected as W32.Rontokbro@mm)
E:\Games.exe (Detected as Trojan Horse)
E:\F-Secure utility Help.lnk
E:\F-secure Utility.lnk
E:\videos\Bali Bomb Movie.rm.exe (Detected as Trojan Horse)
E:\nokia\B_S.bat
E:\nokia\TSG.exe (Detected as W32.Rontokbro@mm)
E:\nokia\'.exe (detected as Trojan.Oxtic)
E:\system.exe (Detected as W32.Rontokbro@mm)

Creates an autorun file which tries to run games.exe if the memory card is inserted into a Windows computer. The file games.exe is a Trojan horse program.
__________________
read - think - post
#14
Administrator (Christian)
Risk: very low
Type: Trojan horse
Discovered on: 16.12.2005
Also known as: SYMBOS_CARDTRP.D [Trend Micro]

Information: SymbOS.Cardtrp.P is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. It disables some applications installed on the device and drops threats onto the device's memory card, which can compromise computers running Windows. SymbOS.Cardtrp.P reportedly arrives as Black_Symbian_Updater.sis.

Technical details: When SymbOS.Cardtrp.P is executed, it performs the following actions:

Copies itself as the following file:
Black_Symbian_Updater.sis
Note: If a user opens this file, the device Installer will display a dialog to warn the user that the application may be coming from an untrusted source and may cause potential problems.

If the user clicks yes, the device displays the following message prompting the user to install the Antiviruspack.sis file:
Black_Symbian_Updater

Displays the following message during the installation process:
Developer by BLACK_SYMBIAN

Drops the following files to the compromised device, some of which may overwrite legitimate files and disable various applications on the compromised device:
.\cwoutcast.sis (A copy of SymbOS.Commwarrior.C)
C:\System\Apps\Anti-Virus\Anti-Virus.app
C:\System\Apps\Anti-Virus\FsAVUpdater.app
C:\System\Apps\Antivirus\Antivirus.App
C:\System\Apps\CabirFix\CabirFix.App
C:\System\Apps\Decabir\DECABIR.APP
C:\System\Apps\Disinfect\Disinfect.app
C:\System\Apps\EVS\EVS.app.App
C:\System\Apps\F-Secure\F-Secure.App
C:\System\Apps\FExplorer\FExplorer.app
C:\System\Apps\FREAKBtUi\FREAKBtUi.R01
C:\System\Apps\FREAKBtUi\FREAKBtUi.R13
C:\System\Apps\FREAKBtUi\FREAKBtUi.aif
C:\System\Apps\FREAKBtUi\FREAKBtUi.app
C:\System\Apps\FREAKBtUi\FREAKBtUi_CAPTION.R13
C:\System\Apps\FREAKBtUi\FREAKBtUi_CAPTION.r01
C:\System\Apps\FreakMenu\FREAKMENU.APP
C:\System\Apps\FreakMenu\FREAKMENU.RSC
C:\System\Apps\FreakMenu\FreakMenu.aif
C:\System\Apps\FreakMenu\FreakMenu_caption.rsc
C:\System\Apps\FreakPhone\FREAKPHONE.APP
C:\System\Apps\FreakPhone\FREAKPHONE.RSC
C:\System\Apps\FreakPhone\FREAKPHONE_CAPTION.RSC
C:\System\Apps\FreakPhone\FreakPhone.aif
C:\System\Apps\Kaspersky\Kaspersky.App
C:\System\Apps\mobilesecurity\mobilesecurity.App
C:\System\Apps\symcs\symav.ini
C:\System\Apps\symcs\symcs.aif
C:\System\Apps\symcs\symcs.app
C:\System\Apps\symcs\symcs.log
C:\System\Apps\symcs\symcsr.rsc
C:\System\Apps\symcs\symfilter.rsc
C:\System\Apps\symlu\symlu.App
C:\System\Apps\SystemExplorer\SystemExplorer.app
C:\System\Apps\TrendMicro\TrendMicro.App

Drops the following files to the compromised device's memory card:
E:\autorun.inf
E:\Data.exe (A copy of W32.Sober.X@mm)
E:\fsb.exe (A copy of Backdoor.Berbew.N)
E:\Gavno.sis (A copy of SymbOS.Cabir)
E:\infectSIS.exe (The Windows component of SymbOS.Lasco.A)
E:\Phone.exe (A copy of Infostealer.Kuang.B)
E:\system.exe (A copy of W32.Wullik@mm)
E:\Worm.ICO
E:\System\Apps.exe (A copy of W32.Ifbo.A)
E:\System\Apps\AppInst\Appinst.aif
E:\System\Apps\AppInst\Appinst.app
E:\System\Apps\AppMngr\AppMngr.app
E:\System\Apps\BtUi\BTUI.R01
E:\System\Apps\BtUi\BTUI.R13
E:\System\Apps\BtUi\BTUI.aif
E:\System\Apps\BtUi\BTUI.app
E:\System\Apps\BtUi\BTUI_CAPTION.R13
E:\System\Apps\BtUi\BTUI_CAPTION.r01
E:\System\Apps\caribe\caribe.app (A copy of SymbOS.Cabir.B)
E:\System\Apps\caribe\caribe.rsc
E:\System\Apps\caribe\flo.mdl (A copy of SymbOS.Cabir)
E:\System\Apps\GS\GS.app
E:\System\Apps\MCE\MCE.app
E:\System\Apps\mmcapp\MMCApp.app
E:\System\Apps\SatUi\Satui.app
E:\System\Apps\SimDir\SimDir.app

Note: The image of the icon for one of the files dropped above, E:\system.exe (A copy of W32.Wullik@mm), is the same as the icon for the System folder on the memory card. When a user is browsing the contents of the memory card on a Windows computer, they may inadvertently execute this worm on the computer by clicking on the icon.

Other files dropped by the Trojan are corrupted system components, which may prevent the compromised device from restarting.

Creates an autorun file on the memory card, which tries to run E:\Phone.exe (A copy of Infostealer.Kuang.B) if the card is inserted into a Windows computer.

The following file is also created by the device Installer, not the threat:
\system\install\Antiviruspack.sis
__________________
read - think - post
#15
Administrator (Christian)
Risk: very low
Type: Trojan horse
Discovered on: 27.01.2006
Also known as: SymbOS.Cardtrp.P

Information: SymbOS.Cardtrp.Q is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. The Trojan may attempt to install another Symbian threat onto the compromised device and a Windows Trojan horse onto the device's memory card. It also disables legitimate Symbian applications. SymbOS.Cardtrp.Q reportedly arrives as Half Life 2 - Gameloft .sis.

Technical details: When SymbOS.Cardtrp.Q is executed, it performs the following actions:

Copies itself as the following file:
Half Life 2 - Gameloft .sis
Note: If the user opens this file, the device Installer displays a dialog box to warn the user that the application may be coming from an untrusted source and may cause potential problems.

If the user clicks yes, the device displays the following message prompting the user to install the Half Life 2 - Gameloft .sis file:
Install Half Life 2 - Gameloft

Displays the following message during the installation process:
You must restart your phone!!!!!!!! If you not restart within 2 minutes, your phone will be crash!!! SO, BE CAREFUL AND DON'T FORGET!!!!

Drops the following files to the compromised device to disable various applications on the compromised device:
.\PBCompressor.sis (A copy of SymbOS.Pbstealer.B)
%DriveLetter%\System\Apps\DECABIR\DECABIR.app
%DriveLetter%\System\Apps\Disinfect\Disinfect.app
%DriveLetter%\System\Apps\EVS\EVS.app
%DriveLetter%\System\Apps\FCommwarrior\FCommwarrior.app
%DriveLetter%\System\Apps\FExplorer\FExplorer.app
%DriveLetter%\System\Apps\File\File.app
%DriveLetter%\System\Apps\MAV\MAV.app
%DriveLetter%\System\Apps\MAV\MAV.rsc
%DriveLetter%\System\Apps\MAV\MAV_caption.rsc
%DriveLetter%\System\Apps\Opera\Opera.app
%DriveLetter%\System\Apps\SmartFileMan\SmartFileMan.app
%DriveLetter%\System\Apps\SystemExplorer\SystemExplorer.app
%DriveLetter%\System\Apps\cabirfix\cabirfix.app
%DriveLetter%\System\Apps\eFileman\eFileman.app
C:\System\Apps\About\About.app
C:\System\Apps\Anti-Virus\Anti-Virus.app
C:\System\Apps\Anti-Virus\Anti-Virus.rsc
C:\System\Apps\Anti-Virus\FSAV.dll
C:\System\Apps\Anti-Virus\FSAVDT.exe
C:\System\Apps\Anti-Virus\FSSMSManager.dll
C:\System\Apps\Anti-Virus\FSSched.app
C:\System\Apps\Anti-Virus\FSUpdateManager.dll
C:\System\Apps\Anti-Virus\FsAVUpdater.app
C:\System\Apps\Anti-Virus\FsAVUpdater.rsc
C:\System\Apps\Anti-Virus\FsMonitorPluginAV.dll
C:\System\Apps\AppCtrl\Appctrl.app
C:\System\Apps\AppInst\Appinst.app
C:\System\Apps\AppMngr\Appmngr.app
C:\System\Apps\Browser\Browser.app
C:\System\Apps\BtUi\BtUi.app
C:\System\Apps\BtUi\BtUi.r01
C:\System\Apps\BtUi\BtUi.r13
C:\System\Apps\BtUi\BtUi.r59
C:\System\Apps\BtUi\BtUi.r70
C:\System\Apps\BtUi\BtUi_Caption.r01
C:\System\Apps\BtUi\BtUi_Caption.r13
C:\System\Apps\BtUi\BtUi_Caption.r59
C:\System\Apps\BtUi\BtUi_Caption.r70
C:\System\Apps\Calcsoft\Calcsoft.app
C:\System\Apps\Calendar\Calendar.app
C:\System\Apps\Camera\Camera.app
C:\System\Apps\FileManager\FileManager.app
C:\System\Apps\Logs\Logs.app
C:\System\Apps\Phonebook\Phonebook.app
C:\System\Apps\SmsEditor\SmsEditor.app
C:\System\Apps\SmsViewer\SmsViewer.app
C:\System\Apps\mce\mce.app
C:\System\Apps\symcs\Listenerexe.exe
C:\System\Apps\symcs\avcfg.exe
C:\System\Apps\symcs\fwcfg.exe
C:\System\Apps\symcs\symcs.app
C:\System\Apps\symcs\taskimplementor.exe
C:\System\contacts\contact.exe
C:\System\Fonts\contact.gdr
C:\System\programs\contact.exe

Note: %DriveLetter% is a variable that refers to the drive letter used to represent the device itself or the memory card. The actual value will depend on the choice the user makes during the installation process.

The files dropped by the Trojan are corrupted system components, and may disable the following applications on the compromised device:
Application manager
Browser
Calendar
File manager
Bluetooth manager
MMS and SMS messaging inbox

Drops the following files to the compromised device's memory card:
E:\autorun.inf
E:\contact.exe, which is a Trojan Horse
E:\ot.ico

Note: The autorun file tries to run contact.exe (a Trojan Horse file) if the card is inserted into a Windows computer. The file ot.ico is displayed with F-Secure icons. This is an attempt to trick the user into installing the Trojan Horse file contact.exe when the card is inserted into a computer running Windows; this threat is not connected to F-Secure in any way.

The following file is also created by the device Installer, not the threat:
\system\install\Half Life 2 - Gameloft .sis
__________________
read - think - post
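The memory-card half of the behaviour described in posts #11 to #15 (an autorun.inf that launches a dropped executable on Windows, executables named and iconed like the System folder, media names with a trailing .exe, Windows shortcuts and batch files on a phone card) can be triaged offline from a card image. The script below is an added example written for this thread, not code from the posts or from Symantec; SAMPLE_CARD is a constructed placeholder layout that mirrors the E: drive names in the writeups, and the rule names are my own.

```python
import posixpath

# Constructed sample (placeholder bytes, not real malware): card-relative paths
# named after the E: drive entries the Cardtrp.M writeup lists.
SAMPLE_CARD = {
    "autorun.inf": b"[autorun]\r\nopen=Games.exe\r\nicon=f-secure.ico\r\n",
    "Games.exe": b"MZ",
    "f-secure.ico": b"\x00\x00\x01\x00",
    "F-secure Utility.lnk": b"L\x00\x00\x00",
    "system.exe": b"MZ",
    "system/apps.exe": b"MZ",
    "system/F-Secure.bat": b"@echo off",
    "system/apps/opera/blank.gif": b"GIF89a",
    "videos/Bali Bomb Movie.rm.exe": b"MZ",
    "videos/holiday.jpg": b"\xff\xd8",
}

EXEC_EXT = {".exe", ".bat", ".cmd", ".com", ".scr", ".pif"}
# Extensions the droppers put in front of .exe so the file looks like media.
BAIT_EXT = {".rm", ".jpg", ".jpeg", ".gif", ".avi", ".mp3", ".3gp", ".txt", ".doc"}


def parse_autorun(text):
    """Return the key=value pairs of the [autorun] section with lower-cased keys."""
    keys, in_autorun = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = line.split("=", 1)
            keys[key.strip().lower()] = value.strip()
    return keys


def _ext(name):
    """Stem and lower-cased extension of a file name."""
    stem, ext = posixpath.splitext(name)
    return stem, ext.lower()


def triage_card(files):
    """Return sorted (rule, path) findings for a dict of card-relative paths -> bytes."""
    findings = set()
    by_lower = {p.lower(): p for p in files}
    directories = set()  # every directory on the card, including intermediate ones
    for p in files:
        parts = p.lower().split("/")[:-1]
        for i in range(1, len(parts) + 1):
            directories.add("/".join(parts[:i]))

    # Rule 1: autorun.inf whose open/shellexecute target is an executable on the
    # card. Windows AutoPlay honours it on insertion; the phone never reads it.
    if "autorun.inf" in by_lower:
        keys = parse_autorun(files[by_lower["autorun.inf"]].decode("latin-1", "replace"))
        for key in ("open", "shellexecute"):
            value = keys.get(key, "").strip('"')
            target = value.split()[0].replace("\\", "/").lower() if value else ""
            if target in by_lower and _ext(target)[1] in EXEC_EXT:
                findings.add(("autorun-launches-executable", by_lower[target]))
        if "icon" in keys:  # custom drive icon (the f-secure.ico trick) is a disguise signal
            findings.add(("autorun-custom-drive-icon", by_lower["autorun.inf"]))

    for path in files:
        directory, name = posixpath.split(path)
        stem, ext = _ext(name)
        # Rule 2: executable named after a sibling directory (system.exe beside
        # system/). With a folder icon, an Explorer user opens it as the folder.
        sibling = posixpath.join(directory, stem).lower()
        if ext in EXEC_EXT and sibling in directories:
            findings.add(("executable-mimics-folder", path))
        # Rule 3: media-looking name carrying a trailing executable extension.
        if ext in EXEC_EXT and _ext(stem)[1] in BAIT_EXT:
            findings.add(("double-extension-executable", path))
        # Rule 4: Windows shortcuts and batch files have no role on a phone card.
        if ext in {".lnk", ".bat"}:
            findings.add(("windows-only-artifact", path))
    return sorted(findings)


if __name__ == "__main__":
    for rule, path in triage_card(SAMPLE_CARD):
        print(f"{rule:30} {path}")
```

Point triage_card at a real card by building the dict from os.walk over the mount point; the rules are name-based, so a match is a lead for a scanner, not a verdict on its own.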
#16
Administrator (Christian)
Risk: very low
Type: Trojan horse
Discovered on: 27.01.2006
Also known as: SymbOS.Cardtrp.Q

Information: SymbOS.Cardtrp.R is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. The Trojan may attempt to install other Symbian threats onto the compromised device and a Windows worm onto the device's memory card. It also disables legitimate Symbian applications. SymbOS.Cardtrp.R reportedly arrives as KingKong Game - CRACKED .sis.

Technical details: When SymbOS.Cardtrp.R is executed, it performs the following actions:

Copies itself as the following file:
KingKong Game - CRACKED .sis
Note: If the user opens this file, the phone installer displays a dialog box to warn the user that the application may be coming from an untrusted source and may cause potential problems.

If the user clicks yes, the device displays the following message prompting the user to install the KingKong Game - CRACKED .sis file:
Install KingKong Game - CRACKED

Displays the following message during the installation process:
Enjoy the game, guys, just press OK and sit down, cracked by san_SHAK**.

Drops the following files to the compromised device to disable various applications on the compromised device:
.\Lasco.sis (a copy of SymbOS.Lasco.A)
%DriveLetter%\System\install\kingkonggame_full.sis
%DriveLetter%\System\programs\data.EXE (a copy of Trojan.Mousedisable)
C:\System\Apps\About\About.app
C:\System\Apps\Anti-Virus\Anti-Virus.app
C:\System\Apps\Antivirus\Antivirus.app
C:\System\Apps\AppCtrl\AppCtrl.app
C:\System\Apps\AppInst\AppInst.app
C:\System\Apps\AppMngr\AppMngr.app
C:\System\Apps\Browser\Browser.app
C:\System\Apps\BtUi\BtUi.app
C:\System\Apps\Camera\Camera.app
C:\System\Apps\EVS\EVS.app
C:\System\Apps\EVS\EVS.rsc
C:\System\Apps\FileManager\FileManager.app
C:\System\Apps\Logs\Logs.app
C:\System\Apps\MCE\MCE.app
C:\System\Apps\mmcapp\mmcapp.app
C:\System\Apps\Notepad\Notepad.app
C:\System\Apps\spooky\NAVRECOG.MDL (a copy of SymbOS.Cabir.W)
C:\System\Apps\spooky\SPOOKY.APP (a copy of SymbOS.Cabir.W)
C:\System\Apps\spooky\SPOOKY.MBM
C:\System\Apps\spooky\SPOOKY.RSC
C:\System\Apps\SmsEditor\SmsEditor.app
C:\System\Apps\SmsViewer\SmsViewer.app
C:\System\Apps\SnakeEx\SnakeEx.app
C:\System\Apps\symcs\Security.app
C:\System\Apps\symcs\Security.rsc
C:\System\Apps\symcs\symcs.app
C:\System\Apps\symcs\symcs.rsc
C:\System\Apps\symlu\symlu.exe
C:\System\Apps\symlu\symlu.rsc
C:\System\Apps\VirusScan\VirusScan.app
C:\System\Apps\VirusScan\VirusScan.rsc
C:\System\bootdata\dat\data.EXE (a copy of Trojan.Mousedisable)
C:\System\Fonts\heeeee.gdr

Note: %DriveLetter% is a variable that refers to the drive letter used to represent the device itself or the memory card. The actual value will depend on the choice the user makes during the installation process.

The files dropped by the Trojan are corrupted system components, and may disable the following applications on the compromised device:
Application manager
Browser
Camera
Notepad
File manager
Bluetooth manager
MMS and SMS messaging inbox

Drops the following files to the compromised device's memory card:
E:\System\Apps\cabirfix\cabirfix.app
E:\System\Apps\DECABIR\DECABIR.app
E:\System\Apps\Disinfect\Disinfect.app
E:\System\Apps\eFileman\eFileman.app
E:\System\Apps\FCommwarrior\FCommwarrior.app
E:\System\Apps\FExplorer\FExplorer.app
E:\System\Apps\File\File.app
E:\System\Apps\Opera\Opera.app
E:\System\Apps\SmartFileMan\SmartFileMan.app
E:\System\Apps\SystemExplorer\SystemExplorer.app
E:\System\recogs\NAVRECOG.MDL (a copy of SymbOS.Cabir.W)

The following file is also created by the device Installer, not the threat:
\system\install\KingKong Game - CRACKED .sis
__________________
read - think - post
#17 (Permalink)
Administrator
Risk: very low
Type: Trojan horse
Discovered on: 27.01.2006
Also known as: SymbOS.Cardtrp.R

Information: SymbOS.Cardtrp.S is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. The Trojan may attempt to install another Symbian threat onto the compromised device and a Windows Trojan horse onto the device's memory card. It also disables legitimate Symbian applications. SymbOS.Cardtrp.S reportedly arrives as RealPlayer v01.00.sis.

Technical details: When SymbOS.Cardtrp.S is executed, it performs the following actions:

Copies itself as the following file: RealPlayer v01.00.sis

Note: If the user opens this file, the phone installer displays a dialog box to warn the user that the application may be coming from an untrusted source and may cause potential problems. If the user clicks yes, the device displays the following message prompting the user to install the KingKong Game - CRACKED .sis file: Install RealPlayer v01.00

Displays the following message during the installation process: This installer was created with MakeSis v1.0 by Gip. For info: http://www.giptech.tk

Drops the following files to the compromised device to disable various applications on the compromised device: [list of dropped files]

Note: %DriveLetter% is a variable that refers to the drive letter used to represent the device itself or the memory card. The actual value will depend on the choice the user makes during the installation process.

The files dropped by the Trojan are corrupted system components, and may disable the following applications on the compromised device: Application installer, Application manager, Camera, Calculator, Menu, Notepad, Phonebook, File manager, Bluetooth manager, MMS and SMS messaging inbox, ToDo list

The dropped SymbOS.Cardtrp.R attempts to install a Windows Trojan Horse onto the compromised device's memory card.

The following file is also created by the device Installer, not the threat: \system\install\RealPlayer v01.00.sis
#18 (Permalink)
Administrator
Risk: very low
Type: Trojan horse
Discovered on: 03.02.2006
Also known as: not specified

Information: SymbOS.Cardtrp.T is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. The Trojan may attempt to install other threats onto the compromised device and onto the device's memory card. It also disables legitimate Symbian applications.

Technical details: It has been reported that the Trojan arrives on the compromised device as the following file: BattleField 2 - GAMELOFT.sis

When a user opens this file, the phone installer will display a dialog to warn users that the application may be coming from an untrusted source and may cause potential problems. If the user clicks yes, the device will display the following message prompting the user to install the .sis file: Install BattleField 2 - GAMELOFT

When SymbOS.Cardtrp.T is executed, it performs the following actions:

Drops the following copies of itself, disabling various applications on the compromised device: [list of dropped files]

Note: The [DRIVE LETTER] variable refers to the drive letter that is used to represent the device itself or the memory card. The actual value will depend on the choice the user makes during the installation process.

Drops the following files, which are detected as SymbOS.Skulls.C, disabling various applications on the compromised device: [list of dropped files]

Drops the following files to the compromised device's memory card:
E:\ANTI-VIRUS.exe (A copy of Trojan Horse)
E:\autorun.inf
E:\phone.ico

Note: The autorun.inf file tries to run ANTI-VIRUS.exe if the card is inserted into a Windows computer.

The following file is also created by the device Installer, not the threat: \System\Install\BattleField 2 - GAMELOFT.sis
#19 (Permalink)
Administrator
Risk: very low
Type: Trojan horse
Discovered on: 08.02.2006
Also known as: not specified

Information: SymbOS.Cardtrp.U is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. It disables several applications installed on the device and drops a Trojan horse onto the device's memory card, which can compromise computers running Windows.

Technical details: It has been reported that the Trojan arrives on the compromised device as the following file: Adobe Reader 3 - Cracked.sis

When SymbOS.Cardtrp.U is executed, it performs the following actions:

Displays the following message:
Adobe Reader 3.0
----------------------------------
You are going to install Adobe Reader ver 3.0 build 74 to your phone. After Installing this program, restart your phone immediately.
---------------------

Drops the following files to disable various applications on the compromised device: [list of dropped files]

Note: The [DRIVE LETTER] variable refers to the drive letter that is used to represent the device itself or the memory card. The actual value will depend on the choice the user makes during the installation process.

Most files dropped by the Trojan are corrupted system components, and may disable the following applications on the compromised device: About, Application installer, Application manager, Browser, Phonebook, File manager, Bluetooth manager, MMS and SMS messaging inbox, ToDo list

Drops the following files onto the compromised device's memory card:
E:\Adobe Acrobat 75 Pro.exe (Detected as Trojan Horse)
E:\autorun.inf
E:\folder.ico

Note: The autorun.inf file tries to run Adobe Acrobat 75 Pro.exe if the card is inserted into a Windows computer.
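The memory-card trick described in the Cardtrp.T and Cardtrp.U write-ups above (a Windows executable dropped next to an autorun.inf and an .ico file, so that the card launches the executable when it is plugged into a Windows PC) can be checked for offline. The following Python script is an added example, not code from the forum post or from Symantec: it parses an autorun.inf, resolves what it would launch against a listing of the card's files, and flags executable launch targets. The autorun.inf key/value lines and the card listing are constructed samples; the write-ups only name the three dropped files.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# autorun.inf keys that older Windows versions act on when removable media
# is inserted; the shell\<verb>\command form is matched with a regex below.
LAUNCH_KEYS = {"open", "shellexecute"}
EXEC_EXTS = {".exe", ".bat", ".cmd", ".com", ".scr", ".pif", ".vbs", ".js"}


@dataclass
class AutorunFinding:
    launch_targets: List[str] = field(default_factory=list)   # what autorun would start
    missing_targets: List[str] = field(default_factory=list)  # referenced but not on card
    icon: Optional[str] = None      # icon used to make the card look like a folder/phone
    suspicious: bool = False        # True when a launch target is an executable


def parse_autorun(text: str) -> Dict[str, str]:
    """Return the key=value pairs of the [autorun] section, keys lower-cased."""
    entries: Dict[str, str] = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def _target_of(command: str) -> str:
    """Program part of a command line: 'ANTI-VIRUS.exe /s' -> 'ANTI-VIRUS.exe',
    '"Adobe Acrobat 75 Pro.exe"' -> 'Adobe Acrobat 75 Pro.exe'."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    parts = command.split()
    return parts[0] if parts else ""


def _is_executable(name: str) -> bool:
    return "." in name and "." + name.lower().rsplit(".", 1)[1] in EXEC_EXTS


def assess_card(autorun_text: str, card_files: List[str]) -> AutorunFinding:
    """Report what an autorun.inf would launch, given the card's file listing."""
    entries = parse_autorun(autorun_text)
    listing = {f.lower() for f in card_files}
    finding = AutorunFinding(icon=entries.get("icon"))
    for key, value in entries.items():
        if key in LAUNCH_KEYS or re.fullmatch(r"shell\\[^\\]+\\command", key):
            target = _target_of(value)
            if target and target not in finding.launch_targets:
                finding.launch_targets.append(target)
                if target.lower() not in listing:
                    finding.missing_targets.append(target)
    finding.suspicious = any(_is_executable(t) for t in finding.launch_targets)
    return finding


# Constructed sample modelled on the three files Cardtrp.T drops to the card
# (autorun.inf, phone.ico, ANTI-VIRUS.exe); the key/value lines are assumed,
# the real autorun.inf contents are not given in the write-up.
SAMPLE_AUTORUN = """[autorun]
open=ANTI-VIRUS.exe
icon=phone.ico
shell\\open\\command=ANTI-VIRUS.exe
"""
SAMPLE_CARD = ["autorun.inf", "phone.ico", "ANTI-VIRUS.exe",
               "System\\Apps\\File\\File.app"]
# A benign autorun.inf that only sets a label and an icon, for contrast.
BENIGN_AUTORUN = "[autorun]\nlabel=Photos\nicon=folder.ico\n"

if __name__ == "__main__":
    for name, text in (("Cardtrp-style", SAMPLE_AUTORUN), ("benign", BENIGN_AUTORUN)):
        f = assess_card(text, SAMPLE_CARD)
        print(f"{name}: suspicious={f.suspicious} launches={f.launch_targets} icon={f.icon}")
```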
#20 (Permalink)
Administrator
Risk: very low
Type: Trojan horse
Discovered on: 08.02.2006
Also known as: not specified

Information: SymbOS.Cardtrp.V is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. It disables several applications installed on the device and drops a Trojan horse onto the device's memory card, which can compromise computers running Windows.

Technical details: It has been reported that the Trojan arrives on the compromised device as the following file: Symantec Mobile Firewall.sis

Note: This file name is chosen in an attempt to trick users into installing this Trojan. However, Symantec is not associated with this, or any other threat, in any way.

When SymbOS.Cardtrp.V is executed, it performs the following actions:

Drops the following files to disable various applications on the compromised device: [list of dropped files]