Mobilfunk-FAQ
Mobilfunk-FAQ > Directory of current mobile phone viruses

Thread closed
22.07.2007, 21:27   #21
Administrator
Name: Christian
Phone: Nokia N95, FuSi Pocket Loox 720
Network operator: Vodafone

Bike Mania Champion!
Member since: 17.04.2006
Location: Erfurt
Posts: 3,047
Motto: S*x is like sport: you play for half an hour, sweat a lot and hope you don't get anything in your eye.
Downloads: 266
Uploads: 289
Thanks given: 35
Received 307 thanks for 189 posts
[SymbianOS] SymbOS.Cardtrp.W

Risk: very low
Type: Trojan horse
Discovered on: 08.02.2006
Also known as: not specified

Information:

SymbOS.Cardtrp.W is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. It disables several applications installed on the device and drops a Trojan horse onto the device's memory card, which can compromise computers running Windows.

Technical details:

It has been reported that the Trojan arrives on the compromised device as the following file:
SeleQ 1.7 - Cracked TNT.sis

When SymbOS.Cardtrp.W is executed, it performs the following actions:
Copies itself as the following file:

SeleQ 1.7 - Cracked TNT.sis

Note: If the user opens this file, the phone installer displays a dialog box to warn the user that the application may be coming from an untrusted source and may cause potential problems.

If the user clicks yes, the device displays the following message prompting the user to install the SeleQ 1.7 - Cracked TNT.sis file:

Install
SeleQ 1.7 - Cracked TNT

Drops the following files to disable various applications on the compromised device:

[DRIVE LETTER]\System\Apps\Disinfect\Disinfect.aif
[DRIVE LETTER]\System\Apps\Disinfect\Disinfect.app
[DRIVE LETTER]\System\Apps\eFileMan\eFileman.aif
[DRIVE LETTER]\System\Apps\eFileMan\eFileman.app
[DRIVE LETTER]\System\Apps\EVS\EVS.aif
[DRIVE LETTER]\System\Apps\EVS\EVS.app
[DRIVE LETTER]\System\Apps\FCommwarrior\FCommwarrior.aif
[DRIVE LETTER]\System\Apps\FCommwarrior\FCommwarrior.app
[DRIVE LETTER]\System\Apps\File\File.aif
[DRIVE LETTER]\System\Apps\File\File.app
[DRIVE LETTER]\System\Apps\SmartFileMan\SmartFileMan.aif
[DRIVE LETTER]\System\Apps\SmartFileMan\SmartFileMan.app
[DRIVE LETTER]\System\Apps\SystemExplorer\SystemExplorer.aif
[DRIVE LETTER]\System\Apps\SystemExplorer\SystemExplorer.app
C:\nokia\images\nokias\malaysia\johor\pj\pj\pj\jb\jb\jb\imos\yuan\yuan\yuanyuan\blue\a-team\terence\ownpda\fuyuan.gif
C:\System\Apps\About\About.aif
C:\System\Apps\About\About.app
C:\System\Apps\Anti-virus\AVBioIcons.mbm
C:\System\Apps\Anti-virus\Anti-Virus.aif
C:\System\Apps\Anti-virus\Anti-Virus.app
C:\System\Apps\Anti-virus\Anti-Virus.rsc
C:\System\Apps\Anti-virus\AntiVirus.hlp
C:\System\Apps\Anti-virus\FSAVDT.exe
C:\System\Apps\Anti-virus\FSAVEPOC.DAT
C:\System\Apps\Anti-virus\FSBioMessage.bif
C:\System\Apps\Anti-virus\FSBioMessageParser.dll
C:\System\Apps\Anti-virus\FSBioMessageViewer.dll
C:\System\Apps\Anti-virus\FSMonitor.dll
C:\System\Apps\Anti-virus\FSRec.mdl
C:\System\Apps\Anti-virus\FSSMSManager.dll
C:\System\Apps\Anti-virus\FSSched.aif (Detected as SymbOS.Skulls.C)
C:\System\Apps\Anti-virus\FSSched.app
C:\System\Apps\Anti-virus\FSSched.rsc
C:\System\Apps\Anti-virus\FSServerLauncher.exe
C:\System\Apps\Anti-virus\FSUpdateManager.dll
C:\System\Apps\Anti-virus\FsAVUpdater.aif (Detected as SymbOS.Skulls.C)
C:\System\Apps\Anti-virus\FsAVUpdater.app
C:\System\Apps\Anti-virus\FsAVUpdater.rsc
C:\System\Apps\Anti-virus\Hydra1.DLL
C:\System\Apps\Anti-virus\licencemanager20s.dll
C:\System\Apps\AppInst\Appinst.aif
C:\System\Apps\AppInst\Appinst.app
C:\System\Apps\AppMngr\Appmngr.aif
C:\System\Apps\AppMngr\Appmngr.app
C:\System\Apps\bootdata\bootdata.aif
C:\System\Apps\bootdata\bootdata.app
C:\System\Apps\bootdata\bootdata_CAPTION.rsC
C:\System\Apps\Browser\Browser.aif
C:\System\Apps\Browser\Browser.app
C:\System\Apps\BtUi\BtUi.aif
C:\System\Apps\BtUi\BtUi.app
C:\System\Apps\Crazy!\Crazy!.app
C:\System\Apps\Crazy!\Crazy!.rsc
C:\System\Apps\Crazy!\flo.mdl
C:\System\Apps\FExplorer\FExplorer.aif (Detected as SymbOS.Skulls.C)
C:\System\Apps\FExplorer\FExplorer.app
C:\System\Apps\Logs\Logs.aif
C:\System\Apps\Logs\Logs.app
C:\System\Apps\mce\mce.aif
C:\System\Apps\mce\mce.app
C:\System\Apps\Opera\Opera.aif
C:\System\Apps\Opera\Opera.app
C:\System\Apps\Phonebook\Phonebook.aif
C:\System\Apps\Phonebook\Phonebook.app
C:\System\Apps\SmsEditor\SmsEditor.aif
C:\System\Apps\SmsEditor\SmsEditor.app
C:\System\Apps\SmsViewer\SmsViewer.aif
C:\System\Apps\SmsViewer\SmsViewer.app
C:\System\Apps\ToDo\ToDo.aif
C:\System\Apps\ToDo\ToDo.app
C:\System\SYMANTECUPDATESDATA\DEFS\antivirus-pro.exe (Detected as Trojan Horse)
C:\System\SYMANTECUPDATESDATA\DEFS\brotherbear.exe (Detected as Trojan Horse)
C:\System\recogs\$$$.MDL (Detected as SymbOS.Cabir.M)
C:\System\recogs\YYSBootRec.mdl (Detected as SymbOS.Skulls.C)

Drops the following file onto the compromised device's memory card:

E:\winrar.exe (Detected as Trojan Horse)
E:\autorun.inf
E:\fone.ico

Note: The autorun.inf file tries to run E:\winrar.exe if the card is inserted into a Windows computer.

The following file is also created by the device Installer, not the threat:

\System\Install\SeleQ 1.7 - Cracked TNT.sis

__________________
read - think - post
22.07.2007, 21:28   #22
Administrator Christian
[SymbianOS] SymbOS.Cardtrp.X

Risk: very low
Type: Trojan horse
Discovered on: 08.02.2006
Also known as: not specified

Information:

SymbOS.Cardtrp.X is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. The Trojan may attempt to install other threats onto the compromised device and disable legitimate Symbian applications. It also installs a Windows worm onto the device's memory card.

Technical details:

It has been reported that the Trojan arrives on the compromised device as the following file:
The Two Thrones-GAMELOFT.sis

When SymbOS.Cardtrp.X is executed, it performs the following actions:
Drops the following files to disable various applications on the compromised device:

[DRIVE LETTER]\System\Apps\Disinfect\Disinfect.app
[DRIVE LETTER]\System\Apps\eFileMan\eFileman.app
[DRIVE LETTER]\System\Apps\EVS\EVS.app
[DRIVE LETTER]\System\Apps\FCommwarrior\FCommwarrior.app
[DRIVE LETTER]\System\Apps\File\File.app
[DRIVE LETTER]\System\Apps\Opera\Opera.app
[DRIVE LETTER]\System\Apps\SmartFileMan\SmartFileMan.app
[DRIVE LETTER]\System\Apps\SystemExplorer\SystemExplorer.app
C:\System\Apps\About\About.app
C:\System\Apps\Anti-virus\AVBioIcons.mbm
C:\System\Apps\Anti-virus\Anti-Virus.app
C:\System\Apps\Anti-virus\Anti-Virus.rsc
C:\System\Apps\Anti-virus\AntiVirus.hlp
C:\System\Apps\Anti-virus\FSAVDT.exe
C:\System\Apps\Anti-virus\FSAVEPOC.DAT
C:\System\Apps\Anti-virus\FSBioMessage.bif
C:\System\Apps\Anti-virus\FSBioMessageParser.dll
C:\System\Apps\Anti-virus\FSBioMessageViewer.dll
C:\System\Apps\Anti-virus\FSMonitor.dll
C:\System\Apps\Anti-virus\FSRec.mdl
C:\System\Apps\Anti-virus\FSSMSManager.dll
C:\System\Apps\Anti-virus\FSSched.app
C:\System\Apps\Anti-virus\FSSched.rsc
C:\System\Apps\Anti-virus\FSServerLauncher.exe
C:\System\Apps\Anti-virus\FSUpdateManager.dll
C:\System\Apps\Anti-virus\FsAVUpdater.app
C:\System\Apps\Anti-virus\FsAVUpdater.rsc
C:\System\Apps\Anti-virus\Hydra1.DLL
C:\System\Apps\Anti-virus\licencemanager20s.dll
C:\System\Apps\AppInst\Appinst.app
C:\System\Apps\AppMngr\Appmngr.app
C:\System\Apps\Browser\Browser.app
C:\System\Apps\BtUi\BtUi.app
C:\System\Apps\FExplorer\FExplorer.app
C:\System\Apps\free$8\$$$.mdl
C:\System\Apps\free$8\free$8.aif
C:\System\Apps\free$8\free$8.app
C:\System\Apps\free$8\free$8.rsc
C:\System\Apps\Logs\Logs.app
C:\System\Apps\mce\mce.app
C:\System\Apps\Phonebook\Phonebook.app
C:\System\Apps\SmsEditor\SmsEditor.app
C:\System\Apps\SmsViewer\SmsViewer.app
C:\System\Apps\symcs\symcs.app
C:\System\Apps\ToDo\ToDo.app

Note: The [DRIVE LETTER] variable refers to the drive letter that is used to represent the device itself or the memory card. The actual value will depend on the choice the user makes during the installation process.

Drops the following files, which are detected as SymbOS.Skulls, disabling various applications on the compromised device:

[DRIVE LETTER]\System\Apps\Disinfect\Disinfect.aif
[DRIVE LETTER]\System\Apps\eFileMan\eFileman.aif
[DRIVE LETTER]\System\Apps\EVS\EVS.aif
[DRIVE LETTER]\System\Apps\FCommwarrior\FCommwarrior.aif
[DRIVE LETTER]\System\Apps\File\File.aif
[DRIVE LETTER]\System\Apps\Opera\Opera.aif
[DRIVE LETTER]\System\Apps\SmartFileMan\SmartFileMan.aif
[DRIVE LETTER]\System\Apps\SystemExplorer\SystemExplorer.aif
C:\System\Apps\About\About.aif
C:\System\Apps\Anti-virus\Anti-Virus.aif
C:\System\Apps\Anti-virus\FSSched.aif
C:\System\Apps\Anti-virus\FsAVUpdater.aif
C:\System\Apps\AppInst\Appinst.aif
C:\System\Apps\AppMngr\Appmngr.aif
C:\System\Apps\Browser\Browser.aif
C:\System\Apps\BtUi\BtUi.aif
C:\System\Apps\FExplorer\FExplorer.aif
C:\System\Apps\Logs\Logs.aif
C:\System\Apps\mce\mce.aif
C:\System\Apps\Phonebook\Phonebook.aif
C:\System\Apps\SmsEditor\SmsEditor.aif
C:\System\Apps\SmsViewer\SmsViewer.aif
C:\System\Apps\symcs\symcs.aif
C:\System\Apps\ToDo\ToDo.aif
C:\System\skullsmanager\contact.exe (Detected as Trojan Horse)
C:\System\skullsmanager\mbmtools.exe (Detected as Trojan Horse)

Drops the following corrupt font file onto the compromised device, detected as SymbOS.Blankfont.A, which may prevent it from restarting correctly:

C:\System\Fonts\Panic.gdr

Next, the Trojan drops the following files onto the compromised device's memory card:

E:\compressor.exe (Detected as Trojan Horse)
E:\autorun.inf
E:\drive.ico

Note: The autorun.inf file tries to run E:\compressor.exe if the card is inserted into a Windows computer.

22.07.2007, 21:30   #23
Administrator Christian
[SymbianOS] SymbOS.Cardtrp.Y

Risk: very low
Type: Trojan horse
Discovered on: 11.02.2006
Also known as: not specified

Information:

SymbOS.Cardtrp.Y is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. It disables several applications installed on the device and drops a Trojan horse onto the device's memory card, which can compromise computers running Windows.

SymbOS.Cardtrp.Y reportedly arrives on the compromised device as SpyCall 2006.SIS.

Technical details:

When SymbOS.Cardtrp.Y is executed, it performs the following actions:
Copies itself as SpyCall 2006.SIS.

Note: When a user opens this file, the phone installer will display a dialog to warn users that the application may be coming from an untrusted source and may cause potential problems.

If the user clicks yes, the device will display the following message prompting the user to install the .sis file:

Install
SpyCall 2006.SIS

Displays the following message during installation:

@@@@ D o t s i s @@@@ Crack for fun.... Enjoy...... If U like,Buy it....

Drops the following files to disable various applications on the compromised device:

.\CARIBE.SIS (a copy of SymbOS.Cabir.B)
[DRIVE LETTER]:\System\Apps\AD7650\AD7650.App
[DRIVE LETTER]:\System\Apps\About\About.app
[DRIVE LETTER]:\System\Apps\AnswRec\AnswRec.App
[DRIVE LETTER]:\System\Apps\AppCtrl\AppCtrl.app
[DRIVE LETTER]:\System\Apps\AppMngr\AppMngr.app
[DRIVE LETTER]:\System\Apps\BlackList\BlackList.App
[DRIVE LETTER]:\System\Apps\BlueJackX\BlueJackX.App
[DRIVE LETTER]:\System\Apps\Browser\Browser.app
[DRIVE LETTER]:\System\Apps\callcheater\callcheater.app
[DRIVE LETTER]:\System\Apps\camerafx\CameraFX.App
[DRIVE LETTER]:\System\Apps\CF\CF.app
[DRIVE LETTER]:\System\Apps\CSHelp\CSHelp.app
[DRIVE LETTER]:\System\Apps\CalcSoft\CalcSoft.app
[DRIVE LETTER]:\System\Apps\Calendar\Calendar.app
[DRIVE LETTER]:\System\Apps\CallManager\CallManager.App
[DRIVE LETTER]:\System\Apps\Camcoder\Camcoder.App
[DRIVE LETTER]:\System\Apps\Camcorder\Camcorder.app
[DRIVE LETTER]:\System\Apps\Camera\Camera.app
[DRIVE LETTER]:\System\Apps\ClockApp\ClockApp.app
[DRIVE LETTER]:\System\Apps\Composer\Composer.app
[DRIVE LETTER]:\System\Apps\ConnectionMonitorUi\ConnectionMonitorUi.app
[DRIVE LETTER]:\System\Apps\Converter\Converter.app
[DRIVE LETTER]:\System\Apps\ETICamcorder\ETICamcorder.App
[DRIVE LETTER]:\System\Apps\ETIMovieAlbum\ETIMovieAlbum.App
[DRIVE LETTER]:\System\Apps\ETIPlayer\ETIPlayer.App
[DRIVE LETTER]:\System\Apps\extendedrecorder\extendedrecorder.App
[DRIVE LETTER]:\System\Apps\FaceWarp\FaceWarp.App
[DRIVE LETTER]:\System\Apps\FaxModemUi\FaxModemUi.app
[DRIVE LETTER]:\System\Apps\FExplorer\FExplorer.App
[DRIVE LETTER]:\System\Apps\Fdn\FDN.app
[DRIVE LETTER]:\System\Apps\FileManager\FileManager.app
[DRIVE LETTER]:\System\Apps\FMRadio\FMRadio.app
[DRIVE LETTER]:\System\Apps\FSCaller\FSCaller.App
[DRIVE LETTER]:\System\Apps\GS\GS.app
[DRIVE LETTER]:\System\Apps\Hair\Hair.App
[DRIVE LETTER]:\System\Apps\HantroCP\HantroCP.App
[DRIVE LETTER]:\System\Apps\IrApp\IrApp.app
[DRIVE LETTER]:\System\Apps\irremote\irRemote.App
[DRIVE LETTER]:\System\Apps\Jelly\Jelly.App
[DRIVE LETTER]:\System\Apps\KPCaMain\KPCaMain.App
[DRIVE LETTER]:\System\Apps\Welcome.txt
C:\System\Apps\Mp3Go\Mp3Go.App
C:\System\Apps\Mp3Player\Mp3Player.App
C:\System\Apps\MusicPlayer\MusicPlayer.app
C:\System\Apps\NSmlDSSync\NSmlDSSync.app
C:\System\Apps\Notepad\Notepad.app
C:\System\Apps\PVPlayer\PVPlayer.App
C:\System\Apps\PhoneBook\PhoneBook.app
C:\System\Apps\Phone\FREAKPHONE.APP
C:\System\Apps\Phone\FREAKPHONE.RSC
C:\System\Apps\Phone\FREAKPHONE_CAPTION.RSC
C:\System\Apps\Phone\FreakPhone.aif
C:\System\Apps\photoacute\photoacute.App
C:\System\Apps\PhotoAlbum\PhotoAlbum.app
C:\System\Apps\PhotoEditor\PhotoEditor.app
C:\System\Apps\Photographer\Photographer.app
C:\System\Apps\PhotoSMS\PhotoSMS.App
C:\System\Apps\PhotoSafe\PhotoSafe.App
C:\System\Apps\Pinboard\Pinboard.app
C:\System\Apps\ProfileApp\ProfileApp.app
C:\System\Apps\Psln\PSLN.app
C:\System\Apps\RallyProContest\RallyProContest.App
C:\System\Apps\RealPlayer\RealPlayer.app
C:\System\Apps\RingMaster\RingMaster.App
C:\System\Apps\SatUi\Satui.app
C:\System\Apps\ScreenCap\ScreenCap.app
C:\System\Apps\SimDir\SimDir.app
C:\System\Apps\SmartAnswer\SmartAnswer.App
C:\System\Apps\SmartMovie\SmartMovie.App
C:\System\Apps\SmsMachine\SmsMachine.App
C:\System\Apps\SnakeEx\SnakeEx.app
C:\System\Apps\Sounder\Sounder.App
C:\System\Apps\SpeedDial\Speeddial.app
C:\System\Apps\sSaver\sSaver.App
C:\System\Apps\SystemExplorer\SystemExplorer.App
C:\System\Apps\Todo\Todo.app
C:\System\Apps\UVSMStyle\UVSMStyle.App
C:\System\Apps\UltraMP3\UltraMP3.App
C:\System\Apps\VCommand\VCommand.app
C:\System\Apps\VM\Vm.app
C:\System\Apps\Videorecorder\VideoRecorder.app
C:\System\Apps\VoiceRec\VoiceRec.app
C:\System\Apps\Voicerecorder\Voicerecorder.app
C:\System\Apps\WALLETAVMGMT\WALLETAVMGMT.App
C:\System\Apps\WILDSKIN\WILDSKIN.App

Most files dropped by the Trojan are corrupted system components, and may disable many legitimate Symbian applications on the compromised device, including:

AD7650
AnswRec
AppCtrl
AppMngr
BlackList
BlueJackX
Browser
CF
CSHelp
CalcSoft
Calendar
CallManager
Camcoder
Camcorder
Camera
ClockApp
Composer
ConnectionMonitorUi
Converter
ETICamcorder
ETIMovieAlbum
ETIPlayer
FExplorer
FMRadio
FSCaller
FaceWarp
FaxModemUi
Fdn
FileManager
GS
Hair
HantroCP
IrApp
Jelly
KPCaMain
Launcher
Logs
MCE
MIDIED
MMCApp
MediaGallery
Mediaplayer
Menu
MidpUi
MixPix
Mp3Go
Mp3Player
MusicPlayer
NSmlDSSync
Notepad
PVPlayer
Phone
PhoneBook
PhotoAlbum
PhotoEditor
PhotoSMS
PhotoSafe
Photographer
Pinboard
ProfileApp
Psln
RallyProContest
RealPlayer
RingMaster
SatUi
ScreenCap
SimDir
SmartAnswer
SmartMovie
SmsMachine
SnakeEx
Sounder
SpeedDial
SystemExplorer
Todo
UVSMStyle
UltraMP3
VCommand
VM
Videorecorder
VoiceRec
Voicerecorder
WALLETAVMGMT
WILDSKIN
callcheater
camerafx
extendedrecorder
irremote
logoMan
mmp
photoacute
sSaver

Drops the following files onto the compromised device's memory card:

E:\autorun.inf
E:\IEHost.exe
E:\PCStealth.reg
E:\PCWeasel.reg
E:\Spykiller.ico
E:\System\Apps\Launcher\Launcher.app
E:\System\Apps\logoMan\logoMan.app
E:\System\Apps\Logs\Logs.app
E:\System\Apps\MCE\MCE.app
E:\System\Apps\MediaGallery\MediaGallery.app
E:\System\Apps\Mediaplayer\MediaPlayer.app
E:\System\Apps\Menu\FreakMenu.aif
E:\System\Apps\Menu\FREAKMENU.APP
E:\System\Apps\Menu\FREAKMENU.RSC
E:\System\Apps\Menu\FreakMenu_caption.rsc
E:\System\Apps\MidpUi\MidpUi.app
E:\System\Apps\MIDIED\MIDIED.App
E:\System\Apps\MixPix\MixPix.app
E:\System\Apps\MMCApp\MMCApp.app
E:\System\Apps\mmp\mmp.App

Creates an autorun file on the memory card, which tries to run the file E:\IEHost.exe if the card is inserted into a Windows computer. The file IEHost.exe is a component of a Windows-based adware application. This adware application will not run on a Windows computer, as it is missing key components.

The following file is also created by the device Installer, not the Trojan itself:

\system\install\SpyCall 2006.SIS

22.07.2007, 21:33   #24
Administrator Christian
[SymbianOS] SymbOS.Cardtrp.Z

Risk: very low
Type: Trojan horse
Discovered on: 17.02.2006
Also known as: not specified

Information:

SymbOS.Cardtrp.Z is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. It disables some applications installed on the device and drops threats onto the device's memory card, which can compromise computers running Windows.

Technical details:

The Trojan reportedly arrives as the following file:

Symantec Response Team.sis

When a user opens this file, the phone installer will display a dialog to warn users that the application may be coming from an untrusted source and may cause potential problems. If the user clicks yes, the device will display the following message prompting the user to install the threat:

Install
Symantec Response Team


When SymbOS.Cardtrp.Z is executed, it performs the following actions:
Displays the following message:

Symantec Response Team has made this program to protect your phone against viruses. Please restart tour phone after installation. Symantec ----- [Link only visible to registered members.]

Drops the following files to disable various applications on the compromised device:

[DRIVE LETTER]\System\Apps\Disinfect\Disinfect.aif (A copy of SymbOS.Skulls.)
[DRIVE LETTER]\System\Apps\Disinfect\Disinfect.app
[DRIVE LETTER]\System\Apps\EVS\EVS.aif (A copy of SymbOS.Skulls.)
[DRIVE LETTER]\System\Apps\EVS\EVS.app
[DRIVE LETTER]\System\Apps\FCommwarrior\FCommwarrior.aif (A copy of SymbOS.Skulls.)
[DRIVE LETTER]\System\Apps\FCommwarrior\FCommwarrior.app
[DRIVE LETTER]\System\Apps\File\File.aif (A copy of SymbOS.Skulls.)
[DRIVE LETTER]\System\Apps\File\File.app
[DRIVE LETTER]\System\Apps\Opera\Opera.aif (A copy of SymbOS.Skulls.)
[DRIVE LETTER]\System\Apps\Opera\Opera.app
[DRIVE LETTER]\System\Apps\SmartFileMan\SmartFileMan.aif (A copy of SymbOS.Skulls.)
[DRIVE LETTER]\System\Apps\SmartFileMan\SmartFileMan.app
[DRIVE LETTER]\System\Apps\SystemExplorer\SystemExplorer.aif (A copy of SymbOS.Skulls.)
[DRIVE LETTER]\System\Apps\SystemExplorer\SystemExplorer.app
C:\nokia\images\nokias\malaysia\johor\pj\pj\pj\jb\jb\jb\imos\yuan\yuan\yuanyuan\blue\a-team\terence\ownpda\fuyuan.gif
C:\System\Apps\About\About.aif (A copy of SymbOS.Skulls.)
C:\System\Apps\About\About.app
C:\System\Apps\Anti-virus\AVBioIcons.mbm
C:\System\Apps\Anti-virus\Anti-Virus.aif (A copy of SymbOS.Skulls.)
C:\System\Apps\Anti-virus\Anti-Virus.app
C:\System\Apps\Anti-virus\Anti-Virus.rsc
C:\System\Apps\Anti-virus\AntiVirus.hlp
C:\System\Apps\Anti-virus\FSAVDT.exe
C:\System\Apps\Anti-virus\FSAVEPOC.DAT
C:\System\Apps\Anti-virus\FSBioMessage.bif
C:\System\Apps\Anti-virus\FSBioMessageParser.dll
C:\System\Apps\Anti-virus\FSBioMessageViewer.dll
C:\System\Apps\Anti-virus\FSMonitor.dll
C:\System\Apps\Anti-virus\FSRec.mdl
C:\System\Apps\Anti-virus\FSSMSManager.dll
C:\System\Apps\Anti-virus\FSSched.aif (A copy of SymbOS.Skulls.)
C:\System\Apps\Anti-virus\FSSched.app
C:\System\Apps\Anti-virus\FSSched.rsc
C:\System\Apps\Anti-virus\FSServerLauncher.exe
C:\System\Apps\Anti-virus\FSUpdateManager.dll
C:\System\Apps\Anti-virus\FsAVUpdater.aif (A copy of SymbOS.Skulls.)
C:\System\Apps\Anti-virus\FsAVUpdater.app
C:\System\Apps\Anti-virus\FsAVUpdater.rsc
C:\System\Apps\Anti-virus\Hydra1.DLL
C:\System\Apps\Anti-virus\licencemanager20s.dll
C:\System\Apps\AppInst\Appinst.aif (A copy of SymbOS.Skulls.)
C:\System\Apps\AppInst\Appinst.app
C:\System\Apps\AppMngr\Appmngr.aif (A copy of SymbOS.Skulls.)
C:\System\Apps\AppMngr\Appmngr.app
C:\System\Apps\Browser\Browser.aif (A copy of SymbOS.Skulls.)
C:\System\Apps\Browser\Browser.app
C:\System\Apps\BtUi\BtUi.aif (A copy of SymbOS.Skulls.)
C:\System\Apps\BtUi\BtUi.app
C:\System\Apps\eFileMan\eFileman.aif (A copy of SymbOS.Skulls.)
C:\System\Apps\eFileMan\eFileman.app
C:\System\Apps\FExplorer\FExplorer.aif (A copy of SymbOS.Skulls.)
C:\System\Apps\FExplorer\FExplorer.app
C:\System\Apps\Logs\Logs.aif (A copy of SymbOS.Skulls.)
C:\System\Apps\Logs\Logs.app
C:\System\Apps\mce\mce.aif (A copy of SymbOS.Skulls.)
C:\System\Apps\mce\mce.app
C:\System\Apps\nokiaapps\nokiaapps.aif (A copy of SymbOS.Skulls.)
C:\System\Apps\nokiaapps\nokiaapps.app
C:\System\Apps\nokiaapps\nokiaapps_CAPTION.rsC
C:\System\Apps\nokiafile\data.cfg
C:\System\Apps\nokiafile\img.mbm
C:\System\Apps\nokiafile\nokiafile.aif (A copy of SymbOS.Skulls.)
C:\System\Apps\nokiafile\nokiafile.app (A copy of SymbOS.Skulls.D.)
C:\System\Apps\nokiafile\nokiafile.rsc
C:\System\Apps\nokiafile\nokiafile_caption.rsc
C:\System\Apps\Phonebook\Phonebook.aif (A copy of SymbOS.Skulls.)
C:\System\Apps\Phonebook\Phonebook.app
C:\System\Apps\pjBlue\pjBLUE.APP
C:\System\Apps\pjBlue\pjBLUE.aif (A copy of SymbOS.Skulls.)
C:\System\Apps\pjBlue\pjBLUE_CAPTION.rsC
C:\System\Apps\PSLN\PSLN.aif (A copy of SymbOS.Skulls.)
C:\System\Apps\PSLN\PSLN.app
C:\System\Apps\SmsEditor\SmsEditor.aif (A copy of SymbOS.Skulls.)
C:\System\Apps\SmsEditor\SmsEditor.app
C:\System\Apps\SmsViewer\SmsViewer.aif (A copy of SymbOS.Skulls.)
C:\System\Apps\SmsViewer\SmsViewer.app
C:\System\Apps\symcs\symcs.aif (A copy of SymbOS.Skulls.)
C:\System\Apps\symcs\symcs.app
C:\System\Apps\ToDo\ToDo.aif (A copy of SymbOS.Skulls.)
C:\System\Apps\ToDo\ToDo.app
C:\System\SMTP\SMT\SM\S\dontopenthisfolder\loops.zip (Detected as W32.Blackmal.E@mm!enc.)
C:\System\recogs\YYSBootRec.mdl (A copy of SymbOS.Skulls.D.)

Note:
Many files dropped by the Trojan are corrupted system components, and may prevent the compromised device from restarting.
[DRIVE LETTER] is a variable that refers to the drive letter used to represent the device itself or the memory card. The actual value will depend on the choice the user makes during the installation process.

Drops the following files to the compromised device's memory card:

E:\autorun.inf
E:\google_desktop.exe (a copy of Trojan Horse)
E:\nav.ico

Note:
The image of the icon for E:\google_desktop.exe is the same as the icon that Google has used recently. When a user is browsing the contents of the memory card on a Windows computer, they may inadvertently execute this worm on the computer by clicking on the icon.
The Trojan also creates an autorun file on the memory card, which tries to run google_desktop.exe (a copy of Trojan Horse) if the card is inserted into a Windows computer.

The following file is also created by the device Installer, not the Trojan itself:

[DRIVE LETTER]\system\install\Symantec Response Team.sis

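All four writeups above share the same Windows-side trick: an autorun.inf at the root of the memory card that launches a dropped executable when the card is plugged into a PC. The script below is an added example for checking a mounted card (or an image extracted to a directory) for exactly that; it is not part of any post above and is neither Symantec's nor the forum's code. The autorun.inf contents in the sample card are assumed, reconstructed from the descriptions (none of the writeups reproduce the file), and the dropped file names are the ones listed for Cardtrp.W, .X, .Y and .Z.

```python
"""Added example: scan a mounted memory card (or an image extracted to a
directory) for the Windows-side droppings described in the Cardtrp writeups:
an autorun.inf whose launch directive points at an executable on the card,
plus the dropped file names the descriptions list at the card root."""
import configparser
import tempfile
from pathlib import Path

# Card-root file names taken from the Cardtrp.W/.X/.Y/.Z descriptions.
CARDTRP_CARD_FILES = frozenset({
    "winrar.exe", "fone.ico",                                        # .W
    "compressor.exe", "drive.ico",                                   # .X
    "iehost.exe", "pcstealth.reg", "pcweasel.reg", "spykiller.ico",  # .Y
    "google_desktop.exe", "nav.ico",                                 # .Z
})


def _first_token(value):
    """Program name from an autorun value: 'winrar.exe /x' -> 'winrar.exe',
    '"my prog.exe" /x' -> 'my prog.exe'."""
    value = (value or "").strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    return value.split()[0] if value else ""


def parse_autorun(text):
    """Return the distinct programs an autorun.inf would launch on insertion.

    Windows reads the [autorun] section and honours open=, shellexecute= and
    shell\\<verb>\\command= lines; section and key names are case-insensitive.
    Anything unparsable is treated as 'launches nothing' rather than raised,
    so a deliberately malformed file cannot abort the scan.
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   allow_no_value=True, delimiters=("=",))
    try:
        cp.read_string(text)
    except configparser.Error:
        return []
    launches = []
    for section in cp.sections():
        if section.lower() != "autorun":
            continue
        for key, value in cp.items(section):
            key = key.lower()
            is_launch = key in ("open", "shellexecute") or (
                key.startswith("shell\\") and key.endswith("\\command"))
            program = _first_token(value) if is_launch else ""
            if program and program not in launches:
                launches.append(program)
    return launches


def scan_card(root):
    """Report (kind, name, present_on_card) findings for one card root."""
    root = Path(root)
    by_lower = {p.name.lower(): p for p in root.iterdir() if p.is_file()}
    findings = []
    autorun = by_lower.get("autorun.inf")
    if autorun is not None:
        for program in parse_autorun(autorun.read_text(errors="replace")):
            # autorun targets are relative to the card root; normalise separators
            target = root / program.replace("\\", "/").lstrip("./")
            findings.append(("autorun-launch", program, target.is_file()))
    for name in sorted(CARDTRP_CARD_FILES.intersection(by_lower)):
        findings.append(("cardtrp-file", by_lower[name].name, True))
    return findings


def build_sample_card():
    """Constructed sample mirroring the Cardtrp.W droppings (the autorun.inf
    text is an assumption; the writeup only says it tries to run winrar.exe)."""
    root = Path(tempfile.mkdtemp(prefix="cardtrp_"))
    (root / "autorun.inf").write_bytes(
        b"[AutoRun]\r\nopen=winrar.exe\r\nicon=fone.ico\r\n"
        b"shell\\open\\command=winrar.exe\r\n")
    (root / "winrar.exe").write_bytes(b"MZ")   # placeholder, not a real PE
    (root / "fone.ico").write_bytes(b"")
    return root


if __name__ == "__main__":
    for kind, name, present in scan_card(build_sample_card()):
        print(f"{kind:15} {name:20} present={present}")
```

Run it against a real card by calling scan_card() with the mount point instead of build_sample_card(); an "autorun-launch" finding whose target exists on the card is the condition every variant above relies on, independent of which file name it uses.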
22.07.2007, 21:38   #25
Administrator Christian
[SymbianOS] SymbOS.Cardtrp.AA

Risk: very low
Type: Trojan horse
Discovered on: 06.03.2006
Also known as: Cardtrap.AC [F-Secure], SYMBOS_CARDTRP.R [Trend]

Information:

SymbOS.Cardtrp.AA is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. It disables some applications installed on the device and drops threats onto the device's memory card, which can compromise computers running Windows.

The Trojan reportedly arrives as FOTOFUN 3.5 - CRACKED.sis.

Technical details:

When SymbOS.Cardtrp.AA is executed, it performs the following actions:
Copies itself as the following file:

FOTOFUN 3.5 - CRACKED.sis

Note: If the user opens this file, the phone installer displays a dialog box to warn the user that the application may be coming from an untrusted source and may cause potential problems.

If the user clicks yes, the device displays the following message prompting the user to install the threat:

Install
FOTOFUN 3.5 - CRACKED

Displays the following message during the installation process:

FOTO FUN 3.5 ------------------------ Cracked Version by san_shaker ----------------------------Enjoy!

Drops the following files to the compromised device:

[DRIVE LETTER]\System\Apps\ExplodeArena\ExplodeArena.aif
[DRIVE LETTER]\System\Apps\ExplodeArena\ExplodeArena.app
[DRIVE LETTER]\System\Apps\FExplorer\FExplorer.aif
[DRIVE LETTER]\System\Apps\FExplorer\FExplorer.app
[DRIVE LETTER]\System\Apps\Opera\EN-GB\connect.html
[DRIVE LETTER]\System\Apps\Opera\EN-GB\home.html
[DRIVE LETTER]\System\Apps\Opera\EN-GB\index.html
[DRIVE LETTER]\System\Apps\Opera\EN-GB\keypad.html
[DRIVE LETTER]\System\Apps\Opera\EN-GB\start.html
[DRIVE LETTER]\System\Apps\Opera\EN-GB\troubleshoot.html
[DRIVE LETTER]\System\Apps\Opera\ID\connect.html
[DRIVE LETTER]\System\Apps\Opera\ID\home.html
[DRIVE LETTER]\System\Apps\Opera\ID\index.html
[DRIVE LETTER]\System\Apps\Opera\ID\keypad.html
[DRIVE LETTER]\System\Apps\Opera\ID\start.html
[DRIVE LETTER]\System\Apps\Opera\ID\troubleshoot.html
[DRIVE LETTER]\System\Apps\Opera\Opera.aif
[DRIVE LETTER]\System\Apps\Opera\TH\connect.html
[DRIVE LETTER]\System\Apps\Opera\TH\home.html
[DRIVE LETTER]\System\Apps\Opera\TH\index.html
[DRIVE LETTER]\System\Apps\Opera\TH\keypad.html
[DRIVE LETTER]\System\Apps\Opera\TH\start.html
[DRIVE LETTER]\System\Apps\Opera\TH\troubleshoot.html
[DRIVE LETTER]\System\Apps\Opera\ZH-CN\connect.html
[DRIVE LETTER]\System\Apps\Opera\ZH-CN\home.html
[DRIVE LETTER]\System\Apps\Opera\ZH-CN\index.html
[DRIVE LETTER]\System\Apps\Opera\ZH-CN\keypad.html
[DRIVE LETTER]\System\Apps\Opera\ZH-CN\start.html
[DRIVE LETTER]\System\Apps\Opera\ZH-CN\troubleshoot.html
[DRIVE LETTER]\System\Apps\SmartFileMan\SmartFileMan.aif
[DRIVE LETTER]\System\Apps\SmartFileMan\SmartFileMan.app
[DRIVE LETTER]\System\Apps\SystemExplorer\SystemExplorer.aif
[DRIVE LETTER]\System\Apps\SystemExplorer\SystemExplorer.app
C:\nokia\images\nokias\malaysia\johor\pj\pj\pj\jb\jb\jb\imos\yuan\yuan\yuanyuan\blue\a-team\terence\ownpda\fuyuan.gif
C:\System\Apps\About\About.aif
C:\System\Apps\About\About.app
C:\System\Apps\Anti-virus\Anti-virus.aif
C:\System\Apps\Anti-virus\Anti-virus.app
C:\System\Apps\AppInst\Appinst.aif
C:\System\Apps\AppInst\Appinst.app
C:\System\Apps\AppMngr\Appmngr.aif
C:\System\Apps\AppMngr\Appmngr.app
C:\System\Apps\Autolock\Autolock.aif
C:\System\Apps\Autolock\Autolock.app
C:\System\Apps\baseimage\baseimage.aif
C:\System\Apps\baseimage\baseimage.app
C:\System\Apps\Browser\Browser.aif
C:\System\Apps\Browser\Browser.app
C:\System\Apps\BtUi\BtUi.aif
C:\System\Apps\BtUi\BtUi.app
C:\System\Apps\bva\bva.aif
C:\System\Apps\bva\bva.app
C:\System\Apps\CERTSAVER\CERTSAVER.aif
C:\System\Apps\CERTSAVER\CERTSAVER.app
C:\System\Apps\Calcsoft\Calcsoft.aif
C:\System\Apps\Calcsoft\Calcsoft.app
C:\System\Apps\Camcoder\Camcoder.aif
C:\System\Apps\Camcoder\Camcoder.app
C:\System\Apps\CbsUiApp\CbsUiApp.aif
C:\System\Apps\CbsUiApp\CbsUiApp.app
C:\System\Apps\Chat\Chat.aif
C:\System\Apps\Chat\Chat.app
C:\System\Apps\ClockApp\ClockApp.aif
C:\System\Apps\ClockApp\ClockApp.app
C:\System\Apps\CodViewer\CodViewer.aif
C:\System\Apps\CodViewer\CodViewer.app
C:\System\Apps\ConnectionMonitorUi\ConnectionMonitorUi.aif
C:\System\Apps\ConnectionMonitorUi\ConnectionMonitorUi.app
C:\System\Apps\Converter\Converter.aif
C:\System\Apps\Converter\Converter.app
C:\System\Apps\cshelp\cshelp.aif
C:\System\Apps\cshelp\cshelp.app
C:\System\Apps\DRMRightsManager\DRMRightsManager.aif
C:\System\Apps\DRMRightsManager\DRMRightsManager.app
C:\System\Apps\DataMoverCli\DataMoverCli.aif
C:\System\Apps\DataMoverCli\DataMoverCli.app
C:\System\Apps\DdViewer\DdViewer.aif
C:\System\Apps\DdViewer\DdViewer.app
C:\System\Apps\FileManager\FileManager.aif
C:\System\Apps\FileManager\FileManager.app
C:\System\Apps\GS\GS.aif
C:\System\Apps\GS\GS.app
C:\System\Apps\ImagePrintApp\ImagePrintApp.app
C:\System\Apps\ImageViewer\ImageViewer.aif
C:\System\Apps\ImageViewer\ImageViewer.app
C:\System\Apps\Logs\Logs.aif
C:\System\Apps\Logs\Logs.app
C:\System\Apps\ManualVideoEditor\ManualVideoEditor.aif
C:\System\Apps\ManualVideoEditor\ManualVideoEditor.app
C:\System\Apps\mce\mce.aif
C:\System\Apps\mce\mce.app
C:\System\Apps\MediaGallery2\MediaGallery2.aif
C:\System\Apps\MediaGallery2\MediaGallery2.app
C:\System\Apps\MediaPlayer\MediaPlayer.aif
C:\System\Apps\MediaPlayer\MediaPlayer.app
C:\System\Apps\MediaSettings\MediaSettings.aif
C:\System\Apps\MediaSettings\MediaSettings.app
C:\System\Apps\Menu\Menu.aif
C:\System\Apps\Menu\Menu.app
C:\System\Apps\mmcapp\mmcapp.aif
C:\System\Apps\mmcapp\mmcapp.app
C:\System\Apps\MmsEditor\MmsEditor.aif
C:\System\Apps\MmsEditor\MmsEditor.app
C:\System\Apps\MmsViewer\MmsViewer.aif
C:\System\Apps\MmsViewer\MmsViewer.app
C:\System\Apps\MsgMailEditor\MsgMailEditor.aif
C:\System\Apps\MsgMailEditor\MsgMailEditor.app
C:\System\Apps\MsgMailViewer\MsgMailViewer.aif
C:\System\Apps\MsgMailViewer\MsgMailViewer.app
C:\System\Apps\MusicPlayer\MusicPlayer.aif
C:\System\Apps\MusicPlayer\MusicPlayer.app
C:\System\Apps\NSmIDMSync\NSmIDMSync.aif
C:\System\Apps\NSmIDMSync\NSmIDMSync.app
C:\System\Apps\NSmIDSSync\NSmIDSSync.aif
C:\System\Apps\NSmIDSSync\NSmIDSSync.app
C:\System\Apps\Notepad\Notepad.aif
C:\System\Apps\Notepad\Notepad.app
C:\System\Apps\NpdViewer\NpdViewer.aif
C:\System\Apps\NpdViewer\NpdViewer.app
C:\System\Apps\Operatormenu\Operatormenu.aif
C:\System\Apps\Operatormenu\Operatormenu.app
C:\System\Apps\PSLN\PSLN.aif
C:\System\Apps\PSLN\PSLN.app
C:\System\Apps\Phone\Phone.aif
C:\System\Apps\Phone\Phone.app
C:\System\Apps\Phonebook\Phonebook.aif
C:\System\Apps\Phonebook\Phonebook.app
C:\System\Apps\Photoring\Photoring.aif
C:\System\Apps\Photoring\Photoring.app
C:\System\Apps\Pinboard\Pinboard.aif
C:\System\Apps\Pinboard\Pinboard.app
C:\System\Apps\ProfileApp\ProfileApp.aif
C:\System\Apps\ProfileApp\ProfileApp.app
C:\System\Apps\ProvisioningCx\Provisioning.app
C:\System\Apps\ProvisioningCx\ProvisioningCx.aif
C:\System\Apps\PushViewer\PushViewer.aif
C:\System\Apps\PushViewer\PushViewer.app
C:\System\Apps\Satui\Satui.aif
C:\System\Apps\Satui\Satui.app
C:\System\Apps\SchemeApp\SchemeApp.aif
C:\System\Apps\SchemeApp\SchemeApp.app
C:\System\Apps\ScreenSaver\ScreenSaver.aif
C:\System\Apps\ScreenSaver\ScreenSaver.app
C:\System\Apps\SimDirectory\SimDirectory.aif
C:\System\Apps\SimDirectory\SymDirectory.app
C:\System\Apps\Smiltemplate\Smiltemplate.aif
C:\System\Apps\Smiltemplate\Smiltemplate.app
C:\System\Apps\SmsEditor\SmsEditor.aif
C:\System\Apps\SmsEditor\SmsEditor.app
C:\System\Apps\SmsViewer\SmsViewer.aif
C:\System\Apps\SmsViewer\SmsViewer.app
C:\System\Apps\SnakeEx\SnakeEx.aif
C:\System\Apps\SnakeEx\SnakeEx.app
C:\System\Apps\Speeddial\Speeddial.aif
C:\System\Apps\Speeddial\Speeddial.app
C:\System\Apps\Startup\Startup.aif
C:\System\Apps\Startup\Startup.app
C:\System\Apps\symcs\symcs.aif
C:\System\Apps\symcs\symcs.app
C:\System\Apps\SysAp\SysAp.aif
C:\System\Apps\SysAp\SysAp.app
C:\System\Apps\testserver\testserver.aif
C:\System\Apps\testserver\testserver.app
C:\System\Apps\ToDo\ToDo.aif
C:\System\Apps\ToDo\ToDo.app
C:\System\Apps\Ussd\Ussd.aif
C:\System\Apps\Ussd\Ussd.app
C:\System\Apps\VCommand\VCommand.aif
C:\System\Apps\VCommand\VCommand.app
C:\System\Apps\videotelui\videotelui.aif
C:\System\Apps\videotelui\videotelui.app
C:\System\Apps\Vm\Vm.aif
C:\System\Apps\Vm\Vm.app
C:\System\Apps\Voicerecorder\Voicerecorder.aif
C:\System\Apps\Voicerecorder\Voicerecorder.app
C:\System\Apps\WALLETAVMGMT\WALLETAVMGMT.aif
C:\System\Apps\WALLETAVMGMT\WALLETAVMGMT.app
C:\System\Apps\WALLETAVOTA\WALLETAVOTA.aif
C:\System\Apps\WALLETAVOTA\WALLETAVOTA.app
C:\System\VISTA_64bit\vista.exe
C:\System\recogs\$$$.MDL (a copy of SymbOS.Cabir.M)
C:\System\recogs\YYSBootRec.mdl (a copy of SymbOS.Skulls.D)

Note:
[DRIVE LETTER] is a variable that refers to the drive letter used to represent the device itself or the memory card. The actual value will depend on the choice the user makes during the installation process.
Many files dropped by the Trojan are corrupted, which disables several legitimate programs and may prevent the device from restarting.
The dropped .html files are all identical and display the following text when opened:
YOU HAVE BEEN INFECTED BY SAN SHAKER'S VIRUS

Drops the following files to the compromised device's memory card:

E:\Install.exe (a copy of W32.Rontokbro@mm)
E:\autorun.inf
E:\compress.ico

The autorun file created on the memory card tries to run the worm file Install.exe if the card is inserted into a Windows computer.

The following file is also created by the device Installer, not the Trojan itself:

\system\install\FOTOFUN 3.5 - CRACKED.sis

__________________
lesen - denken - posten
22.07.2007, 21:43   #26
Administrator
Name: Christian
[SymbianOS] SymbOS.Cardtrp.AB

Risk: very low
Type: Trojan horse
discovered on: 09.03.2006
also known as: not specified

Information:

SymbOS.Cardtrp.AB is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. It disables some applications installed on the device and drops threats onto the device's memory card, which can compromise computers running Windows.

Technical details:

The Trojan reportedly arrives as a file named Opera PATCH FULL ++.sis. When the user opens this file, the phone displays a dialog box to warn the user that the application may be coming from an untrusted source and may cause potential problems. If the user clicks yes, the device displays the following message prompting the user to install the threat:

Install
Opera PATCH FULL ++

When SymbOS.Cardtrp.AB is executed, it performs the following actions:
Displays the following message:

Opera's Patch Ver. 7.5 ----------------------------------------------- Simply Change the start page and other functions! Enjoy! ----------------------------------- Opera CRACKED BY SAN_SHAKER

Drops the following files:

[DRIVE LETTER]\System\Apps\Opera\ZH-CN\troubleshoot.html
[DRIVE LETTER]\System\Apps\Opera\ZH-CN\start.html
[DRIVE LETTER]\System\Apps\Opera\ZH-CN\keypad.html
[DRIVE LETTER]\System\Apps\Opera\ZH-CN\index.html
[DRIVE LETTER]\System\Apps\Opera\ZH-CN\home.html
[DRIVE LETTER]\System\Apps\Opera\ZH-CN\connect.html
[DRIVE LETTER]\System\Apps\Opera\TH\troubleshoot.html
[DRIVE LETTER]\System\Apps\Opera\TH\start.html
[DRIVE LETTER]\System\Apps\Opera\TH\keypad.html
[DRIVE LETTER]\System\Apps\Opera\TH\index.html
[DRIVE LETTER]\System\Apps\Opera\TH\home.html
[DRIVE LETTER]\System\Apps\Opera\TH\connect.html
[DRIVE LETTER]\System\Apps\Opera\start_on.gif
[DRIVE LETTER]\System\Apps\Opera\start.gif
[DRIVE LETTER]\System\Apps\Opera\portal_on.gif
[DRIVE LETTER]\System\Apps\Opera\portal.gif
[DRIVE LETTER]\System\Apps\Opera\link.gif
[DRIVE LETTER]\System\Apps\Opera\keypad_on.gif
[DRIVE LETTER]\System\Apps\Opera\keypad.gif
[DRIVE LETTER]\System\Apps\Opera\ID\troubleshoot.html
[DRIVE LETTER]\System\Apps\Opera\ID\start.html
[DRIVE LETTER]\System\Apps\Opera\ID\keypad.html
[DRIVE LETTER]\System\Apps\Opera\ID\index.html
[DRIVE LETTER]\System\Apps\Opera\ID\home.html
[DRIVE LETTER]\System\Apps\Opera\ID\connect.html
[DRIVE LETTER]\System\Apps\Opera\home.png
[DRIVE LETTER]\System\Apps\Opera\help_on.gif
[DRIVE LETTER]\System\Apps\Opera\help.gif
[DRIVE LETTER]\System\Apps\Opera\file.gif
[DRIVE LETTER]\System\Apps\Opera\EN-GB\troubleshoot.html
[DRIVE LETTER]\System\Apps\Opera\EN-GB\start.html
[DRIVE LETTER]\System\Apps\Opera\EN-GB\keypad.html
[DRIVE LETTER]\System\Apps\Opera\EN-GB\index.html
[DRIVE LETTER]\System\Apps\Opera\EN-GB\home.html
[DRIVE LETTER]\System\Apps\Opera\EN-GB\connect.html
[DRIVE LETTER]\System\Apps\Opera\drive.gif
[DRIVE LETTER]\System\Apps\Opera\connect_on.gif
[DRIVE LETTER]\System\Apps\Opera\connect.gif
[DRIVE LETTER]\System\Apps\Opera\community_on.gif
[DRIVE LETTER]\System\Apps\Opera\community.gif
[DRIVE LETTER]\System\Apps\Opera\blank.gif
C:\System\Data\Backgroundimage.mbm
C:\System\Apps\SystemExplorer\SystemExplorer.app
C:\System\Apps\SystemExplorer\SystemExplorer.aif
C:\System\Apps\FExplorer\FExplorer.app
C:\System\Apps\FExplorer\FExplorer.aif
C:\System\Apps\AppMngr\Appmngr.app
C:\System\Apps\AppMngr\Appmngr.aif
C:\System\Apps\AppInst\Appinst.app
C:\System\Apps\AppInst\Appinst.aif
C:\System\Apps\Anti-virus\Anti-virus.app
C:\System\Apps\Anti-virus\Anti-virus.aif

Note:
[DRIVE LETTER] is a variable that refers to the drive letter used to represent the device itself or the memory card. The actual value will depend on the choice the user makes during the installation process.
Many files dropped by the Trojan are corrupted, which disables several legitimate programs and may prevent the device from restarting.
The dropped .html files are identical, and all display the following text when opened:

YOU HAVE BEEN INFECTED BY SAN SHAKER'S VIRUS

Drops the following files to the compromised device's memory card:

E:\virus.ico
E:\GreatLove.txt.exe (A copy of W32.Blaster.Worm.)
E:\autorun.inf

Note: The autorun file created on the memory card tries to run the worm file GreatLove.txt.exe if the card is inserted into a Windows computer.

The following file is also created by the device Installer, not the Trojan itself:

\system\install\Opera PATCH FULL ++.sis

22.07.2007, 21:48   #27
Administrator
Name: Christian
[SymbianOS] SymbOS.Cardtrp.AC

Risk: very low
Type: Trojan horse
discovered on: 05.04.2006
also known as: not specified

Information:

SymbOS.Cardtrp.AC is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. It disables some applications installed on the device and drops threats onto the device's memory card, which can compromise computers running Windows.

Technical details:

The Trojan reportedly arrives as a .sis file. When a user opens this file, the phone installer will display a dialog warning users that the application may be coming from an untrusted source and may cause potential problems. If the user clicks yes, the device will display the following message prompting the user to install the threat:

Norman Virus Control 2.10.90
This program cracked by TRSH ..... Enjoy!!

When SymbOS.Cardtrp.AC is executed, it performs the following actions:
Drops the following files into the memory card of the compromised mobile device:

ANTI_TROJAN.EXE
AUTORUN.INF
MOZILLA.ICO

Attempts to initiate the execution of the file ANTI_TROJAN.EXE by using the file AUTORUN.INF, once the memory card is inserted into a computer.

Note: ANTI_TROJAN.EXE is a variant of Backdoor.NetBus.svr.

Drops the file PANIC.GDR into the following folder:

[DRIVE LETTER]\System\fonts

Note: PANIC.GDR is a copy of SymbOS.Blankfont.A.

Overwrites the following utilities, security-related files, and applications installed on the compromised device with corrupted copies:

[DRIVE LETTER]\System\Apps\About\About.aif
[DRIVE LETTER]\System\Apps\About\About.app
[DRIVE LETTER]\System\Apps\Anti-virus\Anti-virus.aif
[DRIVE LETTER]\System\Apps\Anti-virus\Anti-virus.app
[DRIVE LETTER]\System\Apps\AppInst\Appinst.aif
[DRIVE LETTER]\System\Apps\AppInst\Appinst.app
[DRIVE LETTER]\System\Apps\AppMngr\Appmngr.aif
[DRIVE LETTER]\System\Apps\AppMngr\Appmngr.app
[DRIVE LETTER]\System\Apps\Autolock\Autolock.aif
[DRIVE LETTER]\System\Apps\Autolock\Autolock.app
[DRIVE LETTER]\System\Apps\baseimage\baseimage.aif
[DRIVE LETTER]\System\Apps\baseimage\baseimage.app
[DRIVE LETTER]\System\Apps\Browser\Browser.aif
[DRIVE LETTER]\System\Apps\Browser\Browser.app
[DRIVE LETTER]\System\Apps\BtUi\BtUi.aif
[DRIVE LETTER]\System\Apps\BtUi\BtUi.app
[DRIVE LETTER]\System\Apps\bva\bva.aif
[DRIVE LETTER]\System\Apps\bva\bva.app
[DRIVE LETTER]\System\Apps\Calcsoft\Calcsoft.aif
[DRIVE LETTER]\System\Apps\Calcsoft\Calcsoft.app
[DRIVE LETTER]\System\Apps\Camcoder\Camcoder.aif
[DRIVE LETTER]\System\Apps\Camcoder\Camcoder.app
[DRIVE LETTER]\System\Apps\CbsUiApp\CbsUiApp.aif
[DRIVE LETTER]\System\Apps\CbsUiApp\CbsUiApp.app
[DRIVE LETTER]\System\Apps\CERTSAVER\CERTSAVER.aif
[DRIVE LETTER]\System\Apps\CERTSAVER\CERTSAVER.app
[DRIVE LETTER]\System\Apps\Chat\Chat.aif
[DRIVE LETTER]\System\Apps\Chat\Chat.app
[DRIVE LETTER]\System\Apps\ClockApp\ClockApp.aif
[DRIVE LETTER]\System\Apps\ClockApp\ClockApp.app
[DRIVE LETTER]\System\Apps\CodViewer\CodViewer.aif
[DRIVE LETTER]\System\Apps\CodViewer\CodViewer.app
[DRIVE LETTER]\System\Apps\ConnectionMonitorUi\ConnectionMonitorUi.aif
[DRIVE LETTER]\System\Apps\ConnectionMonitorUi\ConnectionMonitorUi.app
[DRIVE LETTER]\System\Apps\Converter\Converter.aif
[DRIVE LETTER]\System\Apps\Converter\Converter.app
[DRIVE LETTER]\System\Apps\cshelp\cshelp.aif
[DRIVE LETTER]\System\Apps\cshelp\cshelp.app
[DRIVE LETTER]\System\Apps\DataMoverCli\DataMoverCli.aif
[DRIVE LETTER]\System\Apps\DataMoverCli\DataMoverCli.app
[DRIVE LETTER]\System\Apps\DdViewer\DdViewer.aif
[DRIVE LETTER]\System\Apps\DdViewer\DdViewer.app
[DRIVE LETTER]\System\Apps\DRMRightsManager\DRMRightsManager.aif
[DRIVE LETTER]\System\Apps\DRMRightsManager\DRMRightsManager.app
[DRIVE LETTER]\System\Apps\FExplorer\FExplorer.aif
[DRIVE LETTER]\System\Apps\FExplorer\FExplorer.app
[DRIVE LETTER]\System\Apps\FileManager\FileManager.aif
[DRIVE LETTER]\System\Apps\FileManager\FileManager.app
[DRIVE LETTER]\System\Apps\GS\GS.aif
[DRIVE LETTER]\System\Apps\GS\GS.app
[DRIVE LETTER]\System\Apps\ImagePrintApp\ImagePrintApp.aif
[DRIVE LETTER]\System\Apps\ImagePrintApp\ImagePrintApp.app
[DRIVE LETTER]\System\Apps\ImageViewer\ImageViewer.aif
[DRIVE LETTER]\System\Apps\ImageViewer\ImageViewer.app
[DRIVE LETTER]\System\Apps\Logs\Logs.aif
[DRIVE LETTER]\System\Apps\Logs\Logs.app
[DRIVE LETTER]\System\Apps\ManualVideoEditor\ManualVideoEditor.aif
[DRIVE LETTER]\System\Apps\ManualVideoEditor\ManualVideoEditor.app
[DRIVE LETTER]\System\Apps\mce\mce.aif
[DRIVE LETTER]\System\Apps\mce\mce.app
[DRIVE LETTER]\System\Apps\MediaGallery2\MediaGallery2.aif
[DRIVE LETTER]\System\Apps\MediaGallery2\MediaGallery2.app
[DRIVE LETTER]\System\Apps\MediaPlayer\MediaPlayer.aif
[DRIVE LETTER]\System\Apps\MediaPlayer\MediaPlayer.app
[DRIVE LETTER]\System\Apps\MediaSettings\MediaSettings.aif
[DRIVE LETTER]\System\Apps\MediaSettings\MediaSettings.app
[DRIVE LETTER]\System\Apps\Menu\Menu.aif
[DRIVE LETTER]\System\Apps\Menu\Menu.app
[DRIVE LETTER]\System\Apps\mmcapp\mmcapp.aif
[DRIVE LETTER]\System\Apps\mmcapp\mmcapp.app
[DRIVE LETTER]\System\Apps\MmsEditor\MmsEditor.aif
[DRIVE LETTER]\System\Apps\MmsEditor\MmsEditor.app
[DRIVE LETTER]\System\Apps\MmsViewer\MmsViewer.aif
[DRIVE LETTER]\System\Apps\MmsViewer\MmsViewer.app
[DRIVE LETTER]\System\Apps\MsgMailEditor\MsgMailEditor.aif
[DRIVE LETTER]\System\Apps\MsgMailEditor\MsgMailEditor.app
[DRIVE LETTER]\System\Apps\MsgMailViewer\MsgMailViewer.aif
[DRIVE LETTER]\System\Apps\MsgMailViewer\MsgMailViewer.app
[DRIVE LETTER]\System\Apps\MusicPlayer\MusicPlayer.aif
[DRIVE LETTER]\System\Apps\MusicPlayer\MusicPlayer.app
[DRIVE LETTER]\System\Apps\Notepad\Notepad.aif
[DRIVE LETTER]\System\Apps\Notepad\Notepad.app
[DRIVE LETTER]\System\Apps\NpdViewer\NpdViewer.aif
[DRIVE LETTER]\System\Apps\NpdViewer\NpdViewer.app
[DRIVE LETTER]\System\Apps\NSmIDMSync\NSmIDMSync.aif
[DRIVE LETTER]\System\Apps\NSmIDMSync\NSmIDMSync.app
[DRIVE LETTER]\System\Apps\NSmIDSSync\NSmIDSSync.aif
[DRIVE LETTER]\System\Apps\NSmIDSSync\NSmIDSSync.app
[DRIVE LETTER]\System\Apps\Opera\EN-GB\connect.html
[DRIVE LETTER]\System\Apps\Opera\EN-GB\home.html
[DRIVE LETTER]\System\Apps\Opera\EN-GB\index.html
[DRIVE LETTER]\System\Apps\Opera\EN-GB\keypad.html
[DRIVE LETTER]\System\Apps\Opera\EN-GB\start.html
[DRIVE LETTER]\System\Apps\Opera\EN-GB\troubleshoot.html
[DRIVE LETTER]\System\Apps\Opera\ID\connect.html
[DRIVE LETTER]\System\Apps\Opera\ID\home.html
[DRIVE LETTER]\System\Apps\Opera\ID\index.html
[DRIVE LETTER]\System\Apps\Opera\ID\keypad.html
[DRIVE LETTER]\System\Apps\Opera\ID\start.html
[DRIVE LETTER]\System\Apps\Opera\ID\troubleshoot.html
[DRIVE LETTER]\System\Apps\Opera\Opera.aif
[DRIVE LETTER]\System\Apps\Opera\TH\connect.html
[DRIVE LETTER]\System\Apps\Opera\TH\home.html
[DRIVE LETTER]\System\Apps\Opera\TH\index.html
[DRIVE LETTER]\System\Apps\Opera\TH\keypad.html
[DRIVE LETTER]\System\Apps\Opera\TH\start.html
[DRIVE LETTER]\System\Apps\Opera\TH\troubleshoot.html
[DRIVE LETTER]\System\Apps\Opera\ZH-CN\connect.html
[DRIVE LETTER]\System\Apps\Opera\ZH-CN\home.html
[DRIVE LETTER]\System\Apps\Opera\ZH-CN\index.html
[DRIVE LETTER]\System\Apps\Opera\ZH-CN\keypad.html
[DRIVE LETTER]\System\Apps\Opera\ZH-CN\start.html
[DRIVE LETTER]\System\Apps\Opera\ZH-CN\troubleshoot.html
[DRIVE LETTER]\System\Apps\Operatormenu\Operatormenu.aif
[DRIVE LETTER]\System\Apps\Operatormenu\Operatormenu.app
[DRIVE LETTER]\System\Apps\Phone\Phone.aif
[DRIVE LETTER]\System\Apps\Phone\Phone.app
[DRIVE LETTER]\System\Apps\Phonebook\Phonebook.aif
[DRIVE LETTER]\System\Apps\Phonebook\Phonebook.app
[DRIVE LETTER]\System\Apps\Photoring\Photoring.aif
[DRIVE LETTER]\System\Apps\Photoring\Photoring.app
[DRIVE LETTER]\System\Apps\Pinboard\Pinboard.aif
[DRIVE LETTER]\System\Apps\Pinboard\Pinboard.app
[DRIVE LETTER]\System\Apps\ProfileApp\ProfileApp.aif
[DRIVE LETTER]\System\Apps\ProfileApp\ProfileApp.app
[DRIVE LETTER]\System\Apps\ProvisioningCx\Provisioning.app
[DRIVE LETTER]\System\Apps\ProvisioningCx\ProvisioningCx.aif
[DRIVE LETTER]\System\Apps\PSLN\PSLN.aif
[DRIVE LETTER]\System\Apps\PSLN\PSLN.app
[DRIVE LETTER]\System\Apps\PushViewer\PushViewer.aif
[DRIVE LETTER]\System\Apps\PushViewer\PushViewer.app
[DRIVE LETTER]\System\Apps\Satui\Satui.aif
[DRIVE LETTER]\System\Apps\Satui\Satui.app
[DRIVE LETTER]\System\Apps\SchemeApp\SchemeApp.aif
[DRIVE LETTER]\System\Apps\SchemeApp\SchemeApp.app
[DRIVE LETTER]\System\Apps\ScreenSaver\ScreenSaver.aif
[DRIVE LETTER]\System\Apps\ScreenSaver\ScreenSaver.app
[DRIVE LETTER]\System\Apps\SimDirectory\SimDirectory.aif
[DRIVE LETTER]\System\Apps\SimDirectory\SymDirectory.app
[DRIVE LETTER]\System\Apps\SmartFileMan\SmartFileMan.aif
[DRIVE LETTER]\System\Apps\SmartFileMan\SmartFileMan.app
[DRIVE LETTER]\System\Apps\Smiltemplate\Smiltemplate.aif
[DRIVE LETTER]\System\Apps\Smiltemplate\Smiltemplate.app
[DRIVE LETTER]\System\Apps\SmsEditor\SmsEditor.aif
[DRIVE LETTER]\System\Apps\SmsEditor\SmsEditor.app
[DRIVE LETTER]\System\Apps\SmsViewer\SmsViewer.aif
[DRIVE LETTER]\System\Apps\SmsViewer\SmsViewer.app
[DRIVE LETTER]\System\Apps\SnakeEx\SnakeEx.aif
[DRIVE LETTER]\System\Apps\SnakeEx\SnakeEx.app
[DRIVE LETTER]\System\Apps\Speeddial\Speeddial.aif
[DRIVE LETTER]\System\Apps\Speeddial\Speeddial.app
[DRIVE LETTER]\System\Apps\Startup\Startup.aif
[DRIVE LETTER]\System\Apps\Startup\Startup.app
[DRIVE LETTER]\System\Apps\symcs\symcs.aif
[DRIVE LETTER]\System\Apps\symcs\symcs.app
[DRIVE LETTER]\System\Apps\SysAp\SysAp.aif
[DRIVE LETTER]\System\Apps\SysAp\SysAp.app
[DRIVE LETTER]\System\Apps\SystemExplorer\SystemExplorer.aif
[DRIVE LETTER]\System\Apps\SystemExplorer\SystemExplorer.app
[DRIVE LETTER]\System\Apps\testserver\testserver.aif
[DRIVE LETTER]\System\Apps\testserver\testserver.app
[DRIVE LETTER]\System\Apps\ToDo\ToDo.aif
[DRIVE LETTER]\System\Apps\ToDo\ToDo.app
[DRIVE LETTER]\System\Apps\Ussd\Ussd.aif
[DRIVE LETTER]\System\Apps\Ussd\Ussd.app
[DRIVE LETTER]\System\Apps\VCommand\VCommand.aif
[DRIVE LETTER]\System\Apps\VCommand\VCommand.app
[DRIVE LETTER]\System\Apps\videotelui\videotelui.aif
[DRIVE LETTER]\System\Apps\videotelui\videotelui.app
[DRIVE LETTER]\System\Apps\Vm\Vm.aif
[DRIVE LETTER]\System\Apps\Vm\Vm.app
[DRIVE LETTER]\System\Apps\Voicerecorder\Voicerecorder.aif
[DRIVE LETTER]\System\Apps\Voicerecorder\Voicerecorder.app
[DRIVE LETTER]\System\Apps\WALLETAVMGMT\WALLETAVMGMT.aif
[DRIVE LETTER]\System\Apps\WALLETAVMGMT\WALLETAVMGMT.app
[DRIVE LETTER]\System\Apps\WALLETAVOTA\WALLETAVOTA.aif
[DRIVE LETTER]\System\Apps\WALLETAVOTA\WALLETAVOTA.app

22.07.2007, 21:57   #28
Administrator
Name: Christian
[SymbianOS] SymbOS.Cardtrp.AD

Risk: very low
Type: Trojan horse
discovered on: 24.05.2006
also known as: Cardtrp.AD [F-Secure]

Information:

SymbOS.Cardtrp.AD is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. It disables some applications installed on the device and drops threats onto the device's memory card, which can compromise computers running Windows.

The Trojan reportedly arrives as Juggler Anti Virus®.sis. When a user opens this file, the phone installer will display a dialog to warn users that the application may be coming from an untrusted source and may cause potential problems.

Technical details:

When SymbOS.Cardtrp.AD is executed, it performs the following actions:
Displays the following message prompting the user to install the threat:

Install
Juggler Anti Virus®

Displays the following message during installation:

Juggler Anti Virus® protects you against any mobile viruses in wild. Virus Definitions : Yesterday ................ Juggler Anti Virus® 3.50.11

Drops the following files:

[DRIVE LETTER]\System\Apps\FExplorer\FExplorer.aif
[DRIVE LETTER]\System\Apps\FExplorer\FExplorer.app
[DRIVE LETTER]\System\skins\c3db11cb1145bff2\Southpark.mbm
[DRIVE LETTER]\System\skins\c3db11cb1145bff2\Southpark.skn
C:\System\Apps\About\About.aif
C:\System\Apps\About\About.app
C:\System\Apps\Anti-virus\Anti-virus.aif
C:\System\Apps\Anti-virus\Anti-virus.app
C:\System\Apps\AppInst\Appinst.aif
C:\System\Apps\AppInst\Appinst.app
C:\System\Apps\AppMngr\Appmngr.aif
C:\System\Apps\AppMngr\Appmngr.app
C:\System\Apps\Autolock\Autolock.aif
C:\System\Apps\Autolock\Autolock.app
C:\System\Apps\Browser\Browser.aif
C:\System\Apps\Browser\Browser.app
C:\System\Apps\BtUi\BtUi.aif
C:\System\Apps\BtUi\BtUi.app
C:\System\Apps\CERTSAVER\CERTSAVER.aif
C:\System\Apps\CERTSAVER\CERTSAVER.app
C:\System\Apps\Calcsoft\Calcsoft.aif
C:\System\Apps\Calcsoft\Calcsoft.app
C:\System\Apps\Camcoder\Camcoder.aif
C:\System\Apps\Camcoder\Camcoder.app
C:\System\Apps\CbsUiApp\CbsUiApp.aif
C:\System\Apps\CbsUiApp\CbsUiApp.app
C:\System\Apps\Chat\Chat.aif
C:\System\Apps\Chat\Chat.app
C:\System\Apps\ClockApp\ClockApp.aif
C:\System\Apps\ClockApp\ClockApp.app
C:\System\Apps\CodViewer\CodViewer.aif
C:\System\Apps\CodViewer\CodViewer.app
C:\System\Apps\ConnectionMonitorUi\ConnectionMonitorUi.aif
C:\System\Apps\ConnectionMonitorUi\ConnectionMonitorUi.app
C:\System\Apps\Converter\Converter.aif
C:\System\Apps\Converter\Converter.app
C:\System\Apps\DRMRightsManager\DRMRightsManager.aif
C:\System\Apps\DRMRightsManager\DRMRightsManager.app
C:\System\Apps\DataMoverCli\DataMoverCli.aif
C:\System\Apps\DataMoverCli\DataMoverCli.app
C:\System\Apps\DdViewer\DdViewer.aif
C:\System\Apps\DdViewer\DdViewer.app
C:\System\Apps\FileManager\FileManager.aif
C:\System\Apps\FileManager\FileManager.app
C:\System\Apps\GS\GS.aif
C:\System\Apps\GS\GS.app
C:\System\Apps\ImagePrintApp\ImagePrintApp.aif
C:\System\Apps\ImagePrintApp\ImagePrintApp.app
C:\System\Apps\ImageViewer\ImageViewer.aif
C:\System\Apps\ImageViewer\ImageViewer.app
C:\System\Apps\Logs\Logs.aif
C:\System\Apps\Logs\Logs.app
C:\System\Apps\ManualVideoEditor\ManualVideoEditor.aif
C:\System\Apps\ManualVideoEditor\ManualVideoEditor.app
C:\System\Apps\MediaGallery2\MediaGallery2.aif
C:\System\Apps\MediaGallery2\MediaGallery2.app
C:\System\Apps\MediaPlayer\MediaPlayer.aif
C:\System\Apps\MediaPlayer\MediaPlayer.app
C:\System\Apps\MediaSettings\MediaSettings.aif
C:\System\Apps\MediaSettings\MediaSettings.app
C:\System\Apps\Menu\Menu.aif
C:\System\Apps\Menu\Menu.app
C:\System\Apps\MmsEditor\MmsEditor.aif
C:\System\Apps\MmsEditor\MmsEditor.app
C:\System\Apps\MmsViewer\MmsViewer.aif
C:\System\Apps\MmsViewer\MmsViewer.app
C:\System\Apps\MsgMailEditor\MsgMailEditor.aif
C:\System\Apps\MsgMailEditor\MsgMailEditor.app
C:\System\Apps\MsgMailViewer\MsgMailViewer.aif
C:\System\Apps\MsgMailViewer\MsgMailViewer.app
C:\System\Apps\MusicPlayer\MusicPlayer.aif
C:\System\Apps\MusicPlayer\MusicPlayer.app
C:\System\Apps\NSmIDMSync\NSmIDMSync.aif
C:\System\Apps\NSmIDMSync\NSmIDMSync.app
C:\System\Apps\NSmIDSSync\NSmIDSSync.aif
C:\System\Apps\NSmIDSSync\NSmIDSSync.app
C:\System\Apps\Notepad\Notepad.aif
C:\System\Apps\Notepad\Notepad.app
C:\System\Apps\NpdViewer\NpdViewer.aif
C:\System\Apps\NpdViewer\NpdViewer.app
C:\System\Apps\Opera\EN-GB\connect.html
C:\System\Apps\Opera\EN-GB\home.html
C:\System\Apps\Opera\EN-GB\index.html
C:\System\Apps\Opera\EN-GB\keypad.html
C:\System\Apps\Opera\EN-GB\start.html
C:\System\Apps\Opera\EN-GB\troubleshoot.html
C:\System\Apps\Opera\ID\connect.html
C:\System\Apps\Opera\ID\home.html
C:\System\Apps\Opera\ID\index.html
C:\System\Apps\Opera\ID\keypad.html
C:\System\Apps\Opera\ID\start.html
C:\System\Apps\Opera\ID\troubleshoot.html
C:\System\Apps\Opera\Opera.aif
C:\System\Apps\Opera\TH\connect.html
C:\System\Apps\Opera\TH\home.html
C:\System\Apps\Opera\TH\index.html
C:\System\Apps\Opera\TH\keypad.html
C:\System\Apps\Opera\TH\start.html
C:\System\Apps\Opera\TH\troubleshoot.html
C:\System\Apps\Opera\ZH-CN\connect.html
C:\System\Apps\Opera\ZH-CN\home.html
C:\System\Apps\Opera\ZH-CN\index.html
C:\System\Apps\Opera\ZH-CN\keypad.html
C:\System\Apps\Opera\ZH-CN\start.html
C:\System\Apps\Opera\ZH-CN\troubleshoot.html
C:\System\Apps\Operatormenu\Operatormenu.aif
C:\System\Apps\Operatormenu\Operatormenu.app
C:\System\Apps\PSLN\PSLN.aif
C:\System\Apps\PSLN\PSLN.app
C:\System\Apps\Phone\Phone.aif
C:\System\Apps\Phone\Phone.app
C:\System\Apps\Phonebook\Phonebook.aif
C:\System\Apps\Phonebook\Phonebook.app
C:\System\Apps\Photoring\Photoring.aif
C:\System\Apps\Photoring\Photoring.app
C:\System\Apps\Pinboard\Pinboard.aif
C:\System\Apps\Pinboard\Pinboard.app
C:\System\Apps\ProfileApp\ProfileApp.aif
C:\System\Apps\ProfileApp\ProfileApp.app
C:\System\Apps\ProvisioningCx\Provisioning.app
C:\System\Apps\ProvisioningCx\ProvisioningCx.aif
C:\System\Apps\PushViewer\PushViewer.aif
C:\System\Apps\PushViewer\PushViewer.app
C:\System\Apps\Satui\Satui.aif
C:\System\Apps\Satui\Satui.app
C:\System\Apps\SchemeApp\SchemeApp.aif
C:\System\Apps\SchemeApp\SchemeApp.app
C:\System\Apps\ScreenSaver\ScreenSaver.aif
C:\System\Apps\ScreenSaver\ScreenSaver.app
C:\System\Apps\SimDirectory\SimDirectory.aif
C:\System\Apps\SimDirectory\SymDirectory.app
C:\System\Apps\SmartFileMan\SmartFileMan.aif
C:\System\Apps\SmartFileMan\SmartFileMan.app
C:\System\Apps\Smiltemplate\Smiltemplate.aif
C:\System\Apps\Smiltemplate\Smiltemplate.app
C:\System\Apps\SmsEditor\SmsEditor.aif
C:\System\Apps\SmsEditor\SmsEditor.app
C:\System\Apps\SmsViewer\SmsViewer.aif
C:\System\Apps\SmsViewer\SmsViewer.app
C:\System\Apps\SnakeEx\SnakeEx.aif
C:\System\Apps\SnakeEx\SnakeEx.app
C:\System\Apps\Speeddial\Speeddial.aif
C:\System\Apps\Speeddial\Speeddial.app
C:\System\Apps\Startup\Startup.aif
C:\System\Apps\Startup\Startup.app
C:\System\Apps\SysAp\SysAp.aif
C:\System\Apps\SysAp\SysAp.app
C:\System\Apps\SystemExplorer\SystemExplorer.aif
C:\System\Apps\SystemExplorer\SystemExplorer.app
C:\System\Apps\ToDo\ToDo.aif
C:\System\Apps\ToDo\ToDo.app
C:\System\Apps\Ussd\Ussd.aif
C:\System\Apps\Ussd\Ussd.app
C:\System\Apps\VCommand\VCommand.aif
C:\System\Apps\VCommand\VCommand.app
C:\System\Apps\Vm\Vm.aif
C:\System\Apps\Vm\Vm.app
C:\System\Apps\Voicerecorder\Voicerecorder.aif
C:\System\Apps\Voicerecorder\Voicerecorder.app
C:\System\Apps\WALLETAVMGMT\WALLETAVMGMT.aif
C:\System\Apps\WALLETAVMGMT\WALLETAVMGMT.app
C:\System\Apps\WALLETAVOTA\WALLETAVOTA.aif
C:\System\Apps\WALLETAVOTA\WALLETAVOTA.app
C:\System\Apps\baseimage\baseimage.aif
C:\System\Apps\baseimage\baseimage.app
C:\System\Apps\bva\bva.aif
C:\System\Apps\bva\bva.app
C:\System\Apps\cshelp\cshelp.aif
C:\System\Apps\cshelp\cshelp.app
C:\System\Apps\mce\mce.aif
C:\System\Apps\mce\mce.app
C:\System\Apps\mmcapp\mmcapp.aif
C:\System\Apps\mmcapp\mmcapp.app
C:\System\Apps\symcs\symcs.aif
C:\System\Apps\symcs\symcs.app
C:\System\Apps\symlu\symlu.aif
C:\System\Apps\symlu\symlu.app
C:\System\Apps\testserver\testserver.aif
C:\System\Apps\testserver\testserver.app
C:\System\Apps\videotelui\videotelui.aif
C:\System\Apps\videotelui\videotelui.app
C:\System\SymbOS.Juggler\symbos_juggler.jpg

Notes:
Many files dropped by the Trojan are corrupted, which disables several legitimate programs and may prevent the device from restarting.
[DRIVE LETTER] is a variable that refers to the drive letter used to represent the device itself or the memory card. The actual value will depend on the choice the user makes during the installation process.
The dropped .html files are identical, and all display the following text when opened:

YOU HAVE BEEN INFECTED BY [REMOVED] VIRUS

Drops the following files to the compromised device's memory card:

E:\Images\symbos_juggler.jpg
E:\SwordFish.exe, which is detected as Trojan Horse.
E:\SwordFish.ico
E:\autorun.inf

Note: The autorun file created on the memory card tries to run the Trojan file SwordFish.exe if the card is inserted into a Windows computer.

The following file is also created by the device Installer, not the Trojan itself:
\System\install\Juggler Anti Virus®.sis

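All four Cardtrp variants in these posts share the same second stage: an autorun.inf on the phone's memory card next to a Windows executable (Install.exe, GreatLove.txt.exe, ANTI_TROJAN.EXE, SwordFish.exe) so that the card infects a PC it is later plugged into. A responder can check a card for that pattern without touching the phone. The Python script below is an added example for this thread, not code from the posts or from any vendor write-up; it reads autorun.inf the way Windows AutoRun interprets it (open=, shellexecute= and shell\verb\command= keys), lists the files it would launch, and flags targets with an executable or double extension. The card it builds in a temporary directory is constructed dummy data.

```python
"""Check a memory-card root for an autorun.inf that would launch a dropped executable.

Added example for this thread, not code from the posts or from a vendor write-up.
The card layout built by build_demo_card() is constructed dummy data.
"""
import configparser
import os
import tempfile
from dataclasses import dataclass, field

# Extensions Windows AutoRun would execute when named on an open= line.
EXECUTABLE_EXTS = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js"}


@dataclass
class AutorunReport:
    present: bool                                   # is there an autorun.inf at all?
    targets: list = field(default_factory=list)     # files the [autorun] section would launch
    missing: list = field(default_factory=list)     # launch targets not found on the card root
    double_ext: list = field(default_factory=list)  # "GreatLove.txt.exe"-style names
    suspicious: bool = False                        # any target with an executable extension


def parse_autorun(text):
    """Return the launch targets named in an autorun.inf body, in order, without duplicates.

    Keys that cause execution: open=, shellexecute= and shell\\<verb>\\command=.
    Keys are case-insensitive; a command line may carry arguments, so only the
    first token counts as the file name. Malformed files yield an empty list.
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str.lower
    try:
        cp.read_string(text)
    except configparser.Error:
        return []
    if not cp.has_section("autorun"):
        return []
    targets = []
    for key, value in cp.items("autorun"):
        launches = key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command"))
        tokens = value.strip().split()
        if launches and tokens:
            targets.append(tokens[0].strip('"'))
    return list(dict.fromkeys(targets))


def inspect_card(root):
    """Scan a mounted card root (only the top level, where autorun.inf must sit)."""
    report = AutorunReport(present=False)
    names = {n.lower(): n for n in os.listdir(root)}   # FAT names are case-insensitive
    if "autorun.inf" not in names:
        return report
    report.present = True
    path = os.path.join(root, names["autorun.inf"])
    with open(path, "r", encoding="latin-1", errors="replace") as fh:
        report.targets = parse_autorun(fh.read())
    for target in report.targets:
        base = os.path.basename(target.replace("\\", "/"))
        low = base.lower()
        ext = os.path.splitext(low)[1]
        if low not in names:
            report.missing.append(base)
        if ext in EXECUTABLE_EXTS:
            report.suspicious = True
            if low.count(".") > 1:          # e.g. "greatlove.txt.exe"
                report.double_ext.append(base)
    return report


def build_demo_card(root):
    """Lay out a constructed card mirroring the payload pattern in the posts above
    (autorun.inf + icon + renamed executable). File bodies are placeholder bytes."""
    inf = ("[autorun]\r\nopen=GreatLove.txt.exe\r\nicon=virus.ico\r\n"
           "shell\\open\\command=GreatLove.txt.exe\r\n")
    with open(os.path.join(root, "autorun.inf"), "w", encoding="latin-1", newline="") as fh:
        fh.write(inf)
    for name in ("GreatLove.txt.exe", "virus.ico"):
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(b"placeholder, not a real binary")


def demo():
    """Build the constructed card in a temp dir and inspect it."""
    with tempfile.TemporaryDirectory() as root:
        build_demo_card(root)
        return inspect_card(root)


if __name__ == "__main__":
    r = demo()
    print("autorun.inf present:", r.present)
    print("launch targets:", r.targets)
    print("double extensions:", r.double_ext)
    print("suspicious:", r.suspicious)
```

Point inspect_card() at a mounted card root (for example `inspect_card("E:\\")` on Windows or the mount point on Linux). Current Windows releases no longer honour autorun.inf on flash media, so the check mainly serves to identify the dropped payload and confirm a card is clean before it goes back into a phone or PC; a missing launch target is also worth noting, since it means the executable was already removed or renamed while the launcher stayed behind.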