Mobilfunk-FAQ  
 
 

22.07.2007, 20:55   #1 (Permalink)
Administrator
Name: Christian
Phone: Nokia N95, FuSi Pocket Loox 720
Carrier: Vodafone
Registered since: 17.04.2006
Location: Erfurt
[SymbianOS] SymbOS.Cardtrp.A

Risk: very low
Type: Trojan horse
Discovered on: 22.09.2005
Also known as: not specified

Information:

SymbOS.Cardtrp.A is a Trojan horse that runs on the Symbian operating system, which is used in Nokia Series 60 cellular telephones. It also drops Windows threats, installs SymbOS.Cabir.B, and disables several applications on the compromised device.

Technical details:

Once executed, SymbOS.Cardtrp.A performs the following actions:
Drops the following files to disable various applications on the compromised device:


Installs SymbOS.Cabir.B as the following files:

CARIBE.SIS
\system\apps\caribe\caribe.app
\system\apps\caribe\flo.mdl
\system\apps\caribe\caribe.rsc

Copies the following files to the memory card:

E:\SYSTEM.exe (A copy of another worm)
E:\fsb.exe (A copy of Backdoor.Berbew.N)
E:\buburuz.ICO
E:\autorun.inf (A file pointing to fsb.exe)

Note: These files will have the following icon:



Executes fsb.exe automatically, if the compromised memory card is connected to a computer via a card reader and the autorun feature is enabled.

22.07.2007, 20:58   #2 (Permalink)
[SymbianOS] SymbOS.Cardtrp.B

Risk: very low
Type: Trojan horse
Discovered on: 23.09.2005
Also known as: not specified

Information:

SymbOS.Cardtrp.B is a Trojan horse that runs on the Symbian operating system, which is used in Nokia Series 60 cellular telephones.

The Trojan also drops W32.Ifbo.A, Backdoor.Berbew.N, W32.Wullik@mm, SymbOS.Cabir.B, and disables several applications on the compromised device.

Technical details:

Once executed, SymbOS.Cardtrp.B performs the following actions on the compromised device:
Drops the following files to disable various applications on the compromised device:


Installs SymbOS.Cabir.B as the following files:

E:\system\apps\FSECUREANTIVIRUS\FSECUREANTIVIRUS.app
E:\system\apps\FSECUREANTIVIRUS\FSECUREANTIVIRUS.mdl
E:\system\apps\FSECUREANTIVIRUS\FSECUREANTIVIRUS.rsc

Copies the following files to the memory card:

E:\SYSTEM.exe (A copy of W32.Wullik@mm)
E:\fsb.exe (A copy of Backdoor.Berbew.N)
E:\apps.exe (A copy of W32.Ifbo.A)
E:\buburuz.ICO
E:\autorun.inf (A file pointing to fsb.exe)

Executes fsb.exe automatically, if the compromised memory card is connected to a computer via a card reader and the autorun feature is enabled.

22.07.2007, 21:04   #3 (Permalink)
[SymbianOS] SymbOS.Cardtrp.C

Risk: very low
Type: Trojan horse
Discovered on: 07.10.2005
Also known as: not specified

Information:

SymbOS.Cardtrp.C is a Trojan horse program that runs on the Symbian operating system, which is used in Nokia Series 60 cellular telephones. It installs SymbOS.Mabir, SymbOS.Cabir.B, SymbOS.Lasco.A, SymbOS.Commwarrior.B, and disables several applications on the compromised device.

It also drops the Windows component of SymbOS.Lasco.A to a mobile device's memory card.

Technical details:

This threat may arrive as the file Nokia Application.sis.

When SymbOS.Cardtrp.C is executed, it performs the following actions:
Drops the following files to disable various applications on the compromised device:


Drops the following files to the mobile device's memory card:

E:\Bugsis.ICO
E:\CARIBE.Sis, which is the SymbOS.Mabir worm
E:\ETel.dll
E:\MMS.exe, which is the SymbOS.Commwarrior.B worm
E:\System\Apps.com, which is detected as EICAR Test String
E:\System\Apps\AgileMessenger\AgileMessenger.App
E:\System\Apps\Camera\Camera.a159
E:\System\Apps\Camera\Camera.a31
E:\System\Apps\Camera\Camera.app
E:\System\Apps\Camera\Camera.r159
E:\System\Apps\Camera\Camera.r31
E:\System\Apps\Camera\take_picture.wav
E:\System\Apps\ControlPanel\ControlPanel.App
E:\System\Apps\ControlPanel\ControlPanel.a159
E:\System\Apps\ControlPanel\ControlPanel.a31
E:\System\Apps\ControlPanel\ControlPanel.r159
E:\System\Apps\ControlPanel\ControlPanel.r31
E:\System\Apps\DVDPlayer\DVDPlayer.App
E:\System\Apps\ETICamcorder\ETICamcorder.App
E:\System\Apps\ETIMovieAlbum\ETIMovieAlbum.App
E:\System\Apps\ETIPlayer\ETIPlayer.App
E:\System\Apps\FExplorer\FExplorer.App
E:\System\Apps\FMRadio\FMRadio.app
E:\System\Apps\FSCaller\FSCaller.App
E:\System\Apps\FSECUREANTIVIRUS\FSECUREANTIVIRUS.app, which is the SymbOS.Cabir.B worm
E:\System\Apps\FSECUREANTIVIRUS\FSECUREANTIVIRUS.mdl, which is a component of the SymbOS.Cabir worm
E:\System\Apps\FSECUREANTIVIRUS\FSECUREANTIVIRUS.rsc
E:\System\Apps\FSServer\FSServer.App
E:\System\Apps\FaceWarp\FaceWarp.App
E:\System\Apps\FaxModemUi\FaxModemUi.app
E:\System\Apps\Fdn\FDN.app
E:\System\Apps\FiMan\FiMan.App
E:\System\Apps\FiMan\FiMan.a159
E:\System\Apps\FiMan\FiMan.a31
E:\System\Apps\FiMan\FiMan.r159
E:\System\Apps\FiMan\FiMan.r31
E:\System\Apps\FileGuard\FileGuard.App
E:\System\Apps\FileManager\FileManager.app
E:\System\Apps\File\File.App
E:\System\Apps\GS\GS.app
E:\System\Apps\Hair\Hair.App
E:\System\Apps\HantroCP\HantroCP.App
E:\System\Apps\InstWiz\InstWiz.App
E:\System\Apps\InstWiz\InstWiz.mbm
E:\System\Apps\InstWiz\InstWiz.r159
E:\System\Apps\InstWiz\InstWiz.r31
E:\System\Apps\InstWiz\Instwiz.a159
E:\System\Apps\InstWiz\Instwiz.a31
E:\System\Apps\Jelly\Jelly.App
E:\System\Apps\KPCaMain\KPCaMain.App
E:\System\Apps\Launcher\Launcher.app
E:\System\Apps\Logs\Logs.app
E:\System\Apps\MCE\MCE.app
E:\System\Apps\MIDIED\MIDIED.App
E:\System\Apps\MMPlayer\MMPlayer.App
E:\System\Apps\MediaGallery\MediaGallery.app
E:\System\Apps\Mediaplayer\MediaPlayer.app
E:\System\Apps\Menu\FREAKMENU.APP
E:\System\Apps\Menu\FREAKMENU.RSC
E:\System\Apps\Menu\FreakMenu.aif
E:\System\Apps\Menu\FreakMenu_caption.rsc
E:\System\Apps\MidpUi\MidpUi.app
E:\System\Apps\MixPix\MixPix.app
E:\System\Apps\Mp3Go\Mp3Go.App
E:\System\Apps\Mp3Player\Mp3Player.App
E:\System\Apps\MusicPlayer\MusicPlayer.a159
E:\System\Apps\MusicPlayer\MusicPlayer.a31
E:\System\Apps\MusicPlayer\MusicPlayer.app
E:\System\Apps\MusicPlayer\MusicPlayer.r159
E:\System\Apps\MusicPlayer\MusicPlayer.r31
E:\System\Apps\Opera\Opera.App
E:\System\Apps\Opera\Opera.a159
E:\System\Apps\Opera\Opera.a31
E:\System\Apps\Opera\Opera.r159
E:\System\Apps\Opera\Opera.r31
E:\System\Apps\Opera\bookmarks
E:\System\Apps\Opera\csr.css
E:\System\Apps\Opera\opera.def
E:\System\Apps\Opera\opf.css
E:\System\Apps\Opera\wml.css
E:\System\Apps\PMODE\PMODE.App
E:\System\Apps\PMODE\PMODE.a159
E:\System\Apps\PMODE\PMODE.a31
E:\System\Apps\PMODE\PMODE.r159
E:\System\Apps\PMODE\PMODE.r31
E:\System\Apps\Phoneapp\PhoneApp.r159
E:\System\Apps\Phoneapp\PhoneApp.r31
E:\System\Apps\Phoneapp\Phoneapp.a159
E:\System\Apps\Phoneapp\Phoneapp.a31
E:\System\Apps\Phoneapp\SDPicMask.mbm
E:\System\Apps\Phoneapp\phoneApp.App
E:\System\Apps\Phoneapp\phoneapp_caption.r159
E:\System\Apps\Phoneapp\phoneapp_caption.r31
E:\System\Apps\PhotoBase\PhotoBase.App
E:\System\Apps\Picodrive\Picodrive.App
E:\System\Apps\PowerFile\PowerFile.App
E:\System\Apps\Shell\Shell.a159
E:\System\Apps\Shell\Shell.a31
E:\System\Apps\SkyForce\SkyForce.App
E:\System\Apps\SmartMovie\SmartMovie.App
E:\System\Apps\Switcher\Switcher.App
E:\System\Apps\Tasks\Tasks.App
E:\System\Apps\Tasks\Tasks.a159
E:\System\Apps\Tasks\Tasks.a31
E:\System\Apps\Typepad\Typepad.App
E:\System\Apps\VisualRadio\VisualRadio.App
E:\System\Apps\VisualRadio\visualradio.a159
E:\System\Apps\VisualRadio\visualradio.a31
E:\System\Apps\VisualRadio\visualradio.r159
E:\System\Apps\VisualRadio\visualradio.r31
E:\System\Apps\VoiceRec\VoiceRec.a159
E:\System\Apps\VoiceRec\VoiceRec.a31
E:\System\Apps\VoiceRec\VoiceRec.app
E:\System\Apps\VoiceRec\VoiceRec.r159
E:\System\Apps\VoiceRec\VoiceRec.r31
E:\System\Apps\WILDSKIN\WILDSKIN.App
E:\System\Apps\extendedrecorder\extendedrecorder.App
E:\System\Apps\flashlight\flashlight.App
E:\System\Apps\implus\implus.App
E:\System\Apps\irremote\irRemote.App
E:\System\Apps\logoMan\logoMan.app
E:\System\Apps\mmp\mmp.App
E:\System\Apps\msn\msn.App
E:\System\Apps\muma\MuMa.App
E:\System\Apps\putty\putty.App
E:\System\Apps\vpnpolins\vpnpolins.aif
E:\System\Apps\vpnpolins\vpnpolins.app
E:\System\Apps\vpnpolins\vpnpolins.rsc
E:\autorun.inf
E:\etelmm.dll
E:\etelpckt.dll
E:\infectSIS.exe, which is the Windows component of SymbOS.Lasco.A
E:\etelsat.dll

Creates an autorun file which tries to run infectSIS.exe if the memory card is inserted into a Windows computer. The file infectSIS.exe attempts to infect all SIS files on the computer with SymbOS.Lasco.A.

Drops SymbOS.Doomboot.A which prevents the mobile device from rebooting.

22.07.2007, 21:11   #4 (Permalink)
[SymbianOS] SymbOS.Cardtrp.F

Risk: very low
Type: Trojan horse
Discovered on: 14.11.2005
Also known as: Cardtrap.F [F-Secure]

Information:

SymbOS.Cardtrp.F is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. It disables many programs installed on the device, and also installs malware onto the compromised device.

SymbOS.Cardtrp.F reportedly arrives as Antiviruspack.sis.

Technical details:

When SymbOS.Cardtrp.F is executed, it performs the following actions:
Copies itself as the following file:

Antiviruspack.sis

Note: If a user opens this file, the device Installer will display a dialog to warn the user that the application may be coming from an untrusted source and may cause potential problems.

If the user clicks yes, the device displays the following message prompting the user to install the Antiviruspack.sis file:

Install Antiviruspack

Drops the following files, some of which may overwrite legitimate files and disable various applications on the compromised device:

.\Risk.exe (A copy of W32.HLLW.Cydog@mm)
.\fsb.exe (A copy of W32.Ifbo.A)
.\Anti-VirusPack(Pack1).sis (A copy of SymbOS.Cabir.C)
.\Anti-VirusPack(Pack1)0.sis (A copy of SymbOS.Cabir.C)
.\PopUp0.txt
.\About0.txt
C:\autorun.inf
C:\etelsat.dll
C:\etelpckt.dll
C:\etelmm.dll
C:\ETel.dll
C:\system\Programs\cwoutcast.exe
C:\system\apps\Anti-Virus\FSAVDT.exe
C:\system\apps\Anti-Virus\Anti-Virus.rsc
C:\system\apps\Anti-Virus\Anti-Virus.app
C:\system\apps\Anti-Virus\FsAVUpdater.rsc
C:\system\apps\Anti-Virus\FsAVUpdater.app
C:\system\apps\Anti-Virus\FSAVEPOC.DAT
C:\system\apps\AntiVirus\flo.mdl (A copy of SymbOS.Cabir)
C:\system\apps\AntiVirus\Antivirus.rsc
C:\system\apps\AntiVirus\Antivirus.app
C:\system\apps\AppCtrl\AppCtrl.app
C:\system\apps\AppInst\Appinst.app
C:\system\apps\AppInst\Appinst.aif
C:\system\apps\AppMngr\AppMngr.app
C:\system\apps\AppMngr\AppMngr.aif (A copy of SymbOS.Skulls.C)
C:\system\apps\autolock\Autolock.app
C:\system\apps\autolock\Autolock.aif (A copy of SymbOS.Skulls.C)
C:\system\apps\bootdata\bootdata_CAPTION.rsC
C:\system\apps\bootdata\bootdata.app
C:\system\apps\CallManager\CallManager.App
C:\system\apps\caribe\flo.mdl (A copy of SymbOS.Cabir)
C:\system\apps\caribe\caribe.rsc
C:\system\apps\caribe\caribe.app (A copy of SymbOS.Cabir.B)
C:\system\apps\CommWarrior\commwarrior.exe
C:\system\apps\CommWarrior\commrec.mdl
C:\system\apps\EVS\EVS.rsc
C:\system\apps\EVS\EVS.app
C:\system\apps\FileManager\FileManager.app
C:\system\apps\FileManager\FileManager.aif (A copy of SymbOS.Skulls.C)
C:\system\apps\FSECUREANTIVIRUS\FSECUREANTIVIRUS.rsc
C:\system\apps\FSECUREANTIVIRUS\FSECUREANTIVIRUS.mdl (A copy of SymbOS.Cabir)
C:\system\apps\FSECUREANTIVIRUS\FSECUREANTIVIRUS.app (A copy of SymbOS.Cabir.B)
C:\system\apps\Gavno\gavno_caption.Rsc
C:\system\apps\Gavno\gavno.Rsc
C:\system\apps\Gavno\gavno.App
C:\system\apps\Menu\Menu.app
C:\system\apps\Menu\Menu.aif (A copy of SymbOS.Skulls.C)
C:\system\apps\MMCApp\MMCApp.app
C:\system\apps\MMCApp\mmcapp.aif (A copy of SymbOS.Skulls.C)
C:\system\apps\MultiTrap\MultiTrap
C:\system\apps\MultiTrap\MultiTrap.app
C:\system\apps\MultiTrap\ezrecog.MDL
C:\system\apps\MultiTrap\MultiTrap.rsc
C:\system\apps\OIDI500\OIDI500.rsc
C:\system\apps\OIDI500\OIDI500.mdl (A copy of SymbOS.Cabir)
C:\system\apps\OIDI500\OIDI500.app (A copy of SymbOS.Cabir)
C:\system\apps\OIDI500\OIDI500.aif
C:\system\apps\symcs\symcs.rsc
C:\system\apps\symcs\symcs.app
C:\system\apps\symcs\Security.rsc
C:\system\apps\symcs\Security.app
C:\system\apps\symlu\symlu.rsc
C:\system\apps\symlu\symlu.exe
C:\system\apps\velasco\velasco.rsc
C:\system\apps\velasco\velasco.app
C:\system\apps\velasco\marcos.mdl
C:\system\bif\FSBioMessage.bif
C:\system\bif\AVBioIcons.mbm
C:\system\bootdata\LocaleData.D01
C:\system\bootdata\HALData.dat
C:\system\bootdata\FirstBoot.dat
C:\system\bootdata\CommonData.D00
C:\system\bootdata\SIMLanguage.dat
C:\system\CARIBESECURITYMANAGER\caribe.app (A copy of SymbOS.Cabir.B)
C:\System\MALAYSIAJOHOR--jb\yuanV3-diy-by-7022207\free$8.RSC
C:\System\MALAYSIAJOHOR--jb\yuanV3-diy-by-7022207\free$8.APP (A copy of SymbOS.Cabir.M)
C:\system\RECOGS\YYSBootRec.mdl (A copy of SymbOS.Skulls.D)
C:\system\RECOGS\mod.MDL (A copy of SymbOS.Cabir.F)
C:\system\RECOGS\FSRec.mdl
C:\system\RECOGS\flo.mdl (A copy of SymbOS.Cabir)
C:\system\RECOGS\$$$.MDL (A copy of SymbOS.Cabir.M)
C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\system\apps\skulls\skulls.rsc
C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\system\apps\skulls\skulls.app (A copy of SymbOS.Cabir.F)
C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\system\apps\skulls\mod.mdl (A copy of SymbOS.Cabir.F)
C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\skulls.RSC
C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\skulls.APP (A copy of SymbOS.Cabir.F)
C:\nokia\images\nokias\malaysia\johor\pj\pj\pj\jb\jb\jb\imos\yuan\yuan\yuanyuan\blue\a-team\terence\ownpda\fuyuan.gif
Z:\System\Apps\AppInst\Appinst.app
Z:\System\Apps\AppInst\Appinst.aif
Z:\System\Apps\Phone\Menu.app
Z:\System\Apps\Phone\Menu.aif (A copy of SymbOS.Skulls.C)
Z:\System\Apps\Phone\Phone.app
Z:\System\Apps\Phone\Phone.aif (A copy of SymbOS.Skulls.C)
Z:\System\Apps\Phone\FREAKPHONE_CAPTION.RSC
Z:\System\Apps\Phone\FREAKPHONE.RSC
Z:\System\Apps\Phone\FREAKPHONE.APP
Z:\System\Apps\Phone\FreakPhone.aif
Z:\System\bin\pbe.dll
Z:\system\install\languages.txt
Z:\system\install\operinfo.txt
Z:\System\Programs\Starter.exe
Z:\System\Programs\midp2.exe
Z:\System\Programs\dnd.exe
Z:\System\Programs\AppRun.exe

May also drop the following files to the mobile device's memory card:

E:\autorun.inf
E:\system.exe (A copy of W32.Wullik@mm)
E:\system\APPS.exe (A copy of W32.Ifbo.A)
E:\system\apps\ProfiExplorer\ProfiExplorer.app
E:\system\apps\ProfiExplorer\ProfiExplorer.aif (A copy of SymbOS.Skulls.C)
E:\system\CARIBESECURITYMANAGER\caribe.rsc
E:\system\apps\SmartFileMan\SmartFileMan_CAPTION.rsC
E:\system\apps\SmartFileMan\SmartFileMan.rsc
E:\system\apps\SmartFileMan\SmartFileMan.app
E:\system\apps\SmartFileMan\SmartFileMan.aif
E:\system\apps\SmartFileMan\flo.mdl (A copy of SymbOS.Cabir)
E:\system\apps\Launcher\Launcher.app
E:\system\apps\FExplorer\flo.mdl (A copy of SymbOS.Cabir)
E:\system\apps\FExplorer\FExplorer_CAPTION.rsC
E:\system\apps\FExplorer\FExplorer.rsc
E:\system\apps\FExplorer\FExplorer.app
E:\system\apps\FExplorer\FExplorer.aif
E:\system\apps\SystemExplorer\SystemExplorer_CAPTION.rsC
E:\system\apps\SystemExplorer\SystemExplorer.rsc
E:\system\apps\SystemExplorer\SystemExplorer.app
E:\system\apps\SystemExplorer\SystemExplorer.aif

Creates an autorun file which tries to run Risk.exe (A copy of W32.HLLW.Cydog@mm) and fsb.exe (A copy of W32.Ifbo.A), if the memory card is inserted into a Windows computer.

The following file is also created by the device Installer, not the threat:

\system\install\Antiviruspack.sis

22.07.2007, 21:13   #5 (Permalink)
[SymbianOS] SymbOS.Cardtrp.G

Risk: very low
Type: Trojan horse
Discovered on: 11.11.2005
Also known as: Cardtrap.G [F-Secure]

Information:

SymbOS.Cardtrp.G is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. It disables many programs installed on the device, and also installs malware onto the compromised device.

SymbOS.Cardtrp.G reportedly arrives as Antiviruspack.sis.

Technical details:

When SymbOS.Cardtrp.G is executed, it performs the following actions:
Copies itself as the following file:

Antiviruspack.sis

Note: If a user opens this file, the device Installer will display a dialog to warn the user that the application may be coming from an untrusted source and may cause potential problems.

If the user clicks yes, the device displays the following message prompting the user to install the Antiviruspack.sis file:

Install Antiviruspack

Drops the following files, some of which may overwrite legitimate files and disable various applications on the compromised device:

.\Risk.exe (A copy of W32.HLLW.Cydog@mm)
.\fsb.exe (A copy of Backdoor.Berbew.N)
.\PopUp0.txt
.\About0.txt
C:\autorun.inf
C:\etelmm.dll
C:\etelpckt.dll
C:\etelsat.dll
C:\ETel.dll
C:\nokia\images\nokias\malaysia\johor\pj\pj\pj\jb\jb\jb\imos\yuan\yuan\yuanyuan\blue\a-team\terence\ownpda\fuyuan.gif
C:\System\MALAYSIAJOHOR--jb\yuanV3-diy-by-7022207\free$8.APP (A copy of SymbOS.Cabir.M)
C:\System\MALAYSIAJOHOR--jb\yuanV3-diy-by-7022207\free$8.RSC
C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\skulls.APP (A copy of SymbOS.Cabir.F)
C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\skulls.RSC
C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\system\apps\skulls\mod.mdl (A copy of SymbOS.Cabir.F)
C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\system\apps\skulls\skulls.app (A copy of SymbOS.Cabir.F)
C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\system\apps\skulls\skulls.rsc
C:\system\CARIBESECURITYMANAGER\caribe.app (A copy of SymbOS.Cabir.B)
C:\system\Programs\cwoutcast.exe
C:\system\RECOGS\$$$.MDL (A copy of SymbOS.Cabir.M)
C:\system\RECOGS\FSRec.mdl
C:\system\RECOGS\YYSBootRec.mdl (A copy of SymbOS.Skulls.D)
C:\system\RECOGS\flo.mdl (A copy of SymbOS.Cabir)
C:\system\RECOGS\mod.MDL (A copy of SymbOS.Cabir.F)
C:\system\apps\Anti-Virus\Anti-Virus.app
C:\system\apps\Anti-Virus\Anti-Virus.rsc
C:\system\apps\Anti-Virus\FSAVDT.exe
C:\system\apps\Anti-Virus\FSAVEPOC.DAT
C:\system\apps\Anti-Virus\FsAVUpdater.app
C:\system\apps\Anti-Virus\FsAVUpdater.rsc
C:\system\apps\AntiVirus\Antivirus.app
C:\system\apps\AntiVirus\Antivirus.rsc
C:\system\apps\AntiVirus\flo.mdl (A copy of SymbOS.Cabir)
C:\system\apps\AppCtrl\AppCtrl.app
C:\system\apps\AppInst\Appinst.aif
C:\system\apps\AppInst\Appinst.app
C:\system\apps\AppMngr\AppMngr.aif (A copy of SymbOS.Skulls.C)
C:\system\apps\AppMngr\AppMngr.app
C:\system\apps\CallManager\CallManager.App
C:\system\apps\CommWarrior\commrec.mdl
C:\system\apps\CommWarrior\commwarrior.exe
C:\system\apps\EVS\EVS.app
C:\system\apps\EVS\EVS.rsc
C:\system\apps\FSECUREANTIVIRUS\FSECUREANTIVIRUS.app (A copy of SymbOS.Cabir.B)
C:\system\apps\FSECUREANTIVIRUS\FSECUREANTIVIRUS.mdl (A copy of SymbOS.Cabir)
C:\system\apps\FSECUREANTIVIRUS\FSECUREANTIVIRUS.rsc
C:\system\apps\FileManager\FileManager.aif
C:\system\apps\FileManager\FileManager.app
C:\system\apps\Gavno\gavno.App
C:\system\apps\Gavno\gavno.Rsc
C:\system\apps\Gavno\gavno_caption.Rsc
C:\system\apps\MMCApp\MMCApp.app
C:\system\apps\MMCApp\mmcapp.aif (A copy of SymbOS.Skulls.C)
C:\system\apps\Menu\Menu.aif (A copy of SymbOS.Skulls.C)
C:\system\apps\Menu\Menu.app
C:\system\apps\MultiTrap\MultiTrap
C:\system\apps\MultiTrap\MultiTrap.app
C:\system\apps\MultiTrap\MultiTrap.rsc
C:\system\apps\MultiTrap\ezrecog.MDL
C:\system\apps\OIDI500\OIDI500.aif
C:\system\apps\OIDI500\OIDI500.app (A copy of SymbOS.Cabir)
C:\system\apps\OIDI500\OIDI500.mdl (A copy of SymbOS.Cabir)
C:\system\apps\OIDI500\OIDI500.rsc
C:\system\apps\autolock\Autolock.aif (A copy of SymbOS.Skulls.C)
C:\system\apps\autolock\Autolock.app
C:\system\apps\bootdata\bootdata.app
C:\system\apps\bootdata\bootdata_CAPTION.rsC
C:\system\apps\caribe\caribe.app (A copy of SymbOS.Cabir.B)
C:\system\apps\caribe\caribe.rsc
C:\system\apps\caribe\flo.mdl (A copy of SymbOS.Cabir)
C:\system\apps\symcs\Security.app
C:\system\apps\symcs\Security.rsc
C:\system\apps\symcs\symcs.app
C:\system\apps\symcs\symcs.rsc
C:\system\apps\symlu\symlu.exe
C:\system\apps\symlu\symlu.rsc
C:\system\apps\velasco\marcos.mdl
C:\system\apps\velasco\velasco.app
C:\system\apps\velasco\velasco.rsc
C:\system\bif\AVBioIcons.mbm
C:\system\bif\FSBioMessage.bif
C:\system\bootdata\CommonData.D00
C:\system\bootdata\FirstBoot.dat
C:\system\bootdata\HALData.dat
C:\system\bootdata\LocaleData.D01
C:\system\bootdata\SIMLanguage.dat
Z:\System\Apps\AppInst\Appinst.aif
Z:\System\Apps\AppInst\Appinst.app
Z:\System\Apps\Phone\FREAKPHONE.APP
Z:\System\Apps\Phone\FREAKPHONE.RSC
Z:\System\Apps\Phone\FREAKPHONE_CAPTION.RSC
Z:\System\Apps\Phone\FreakPhone.aif
Z:\System\Apps\Phone\Menu.aif (A copy of SymbOS.Skulls.C)
Z:\System\Apps\Phone\Menu.app
Z:\System\Apps\Phone\Phone.aif (A copy of SymbOS.Skulls.C)
Z:\System\Apps\Phone\Phone.app
Z:\System\Programs\AppRun.exe
Z:\System\Programs\Starter.exe
Z:\System\Programs\dnd.exe
Z:\System\Programs\midp2.exe
Z:\System\bin\pbe.dll
Z:\system\install\languages.txt
Z:\system\install\operinfo.txt

Drops the following files to the mobile device's memory card:

E:\autorun.inf
E:\system.exe (A copy of W32.Wullik@mm)
E:\system\APPS.exe (A copy of W32.Ifbo.A)
E:\system\CARIBESECURITYMANAGER\caribe.rsc
E:\system\apps\FExplorer\FExplorer.aif
E:\system\apps\FExplorer\FExplorer.app
E:\system\apps\FExplorer\FExplorer.rsc
E:\system\apps\FExplorer\FExplorer_CAPTION.rsC
E:\system\apps\FExplorer\flo.mdl (A copy of SymbOS.Cabir)
E:\system\apps\Launcher\Launcher.app
E:\system\apps\ProfiExplorer\ProfiExplorer.aif
E:\system\apps\ProfiExplorer\ProfiExplorer.app
E:\system\apps\SmartFileMan\SmartFileMan.aif (A copy of SymbOS.Skulls.C)
E:\system\apps\SmartFileMan\SmartFileMan.app
E:\system\apps\SmartFileMan\SmartFileMan.rsc
E:\system\apps\SmartFileMan\SmartFileMan_CAPTION.rsC
E:\system\apps\SmartFileMan\flo.mdl (A copy of SymbOS.Cabir)
E:\system\apps\SystemExplorer\SystemExplorer.aif
E:\system\apps\SystemExplorer\SystemExplorer.app
E:\system\apps\SystemExplorer\SystemExplorer.rsc
E:\system\apps\SystemExplorer\SystemExplorer_CAPTION.rsC

Creates an autorun file which tries to run the files Risk.exe and fsb.exe if the memory card is inserted into a computer running Windows. The file Risk.exe is a copy of W32.HLLW.Cydog@mm, and the file fsb.exe is a copy of Backdoor.Berbew.N.

Creates the following file:

\system\install\Antiviruspack.sis

Note: This file is actually created by the Installer, not the threat.

22.07.2007, 21:33   #6 (Permalink)
[SymbianOS] SymbOS.Cardtrp.H

Risk: very low
Type: Trojan horse
Discovered on: 28.11.2005
Also known as: not specified

Information:

SymbOS.Cardtrp.H is a Trojan horse that drops many various threats on to the compromised device. The Trojan also disables several applications. The Trojan runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones.

The Trojan arrives on the compromised device as Offical Symbian OS Update v80 ® 2005 Symbian Ltd.sis.

Technical details:

When SymbOS.Cardtrp.H arrives, the device performs the following actions:
Displays a message warning users that the application may be coming from an untrusted source and may cause problems on the device.

Displays a message prompting the user to install:

"Offical Symbian OS Update v80 ® 2005 Symbian Ltd"

When the threat is installed, the threat performs the following actions:
Drops the following files on to the compromised device, which may overwrite legitimate files and disable many applications:

E:\System\Apps\apps\UltraMP3\flo.mdl, SymbOS.Cabir.Q

Drops the following threats on to the compromised device, which may overwrite legitimate files and disable many applications:

E:\System\Apps\apps\SystemExplorer\SystemExplorer.app (A copy of SymbOS.Cabir.D)
E:\System\Apps\apps\SystemExplorer\flo.mdl (A copy of SymbOS.Cabir.D)
E:\System\Apps\apps\SmartMovie\SmartMovie.app (A copy of SymbOS.Cabir.C)
E:\System\Apps\apps\SmartMovie\flo.mdl (A copy of SymbOS.Cabir.D)
E:\System\Apps\apps\SmartFileMan\flo.mdl (A copy of SymbOS.Cabir.S)
E:\System\Apps\apps\PhoneBook\PhoneBook.APP (A copy of SymbOS.Dampig.A)
E:\System\Apps\apps\MCE\mce.app (A copy of SymbOS.Dampig.A)
E:\System\Apps\apps\MCE\mce.aif (A copy of SymbOS.Dampig.A)
E:\System\Apps\apps\iLoveU\iLoveU.app (A copy of SymbOS.Cabir.T)
E:\System\Apps\apps\iLoveU\flo.mdl (A copy of SymbOS.Cabir.T)
E:\System\Apps\apps\FREAKPhoneBook\FREAKPhoneBook.APP (A copy of SymbOS.Dampig.A)
E:\System\Apps\apps\File\flo.mdl (A copy of SymbOS.Cabir.T)
E:\System\Apps\apps\File\File.app (A copy of SymbOS.Cabir.T)
E:\System\Apps\apps\FExplorer\flo.mdl (A copy of SymbOS.Cabir.Q)
E:\System\Apps\apps\FExplorer\FExplorer.app (A copy of SymbOS.Cabir.Q)
E:\System\Apps\apps\Camcoder\flo.mdl (A copy of SymbOS.Cabir.E)
E:\System\Apps\apps\Camcoder\Camcoder.app (A copy of SymbOS.Cabir.E)
E:\System\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\INFO.SIS (A copy of SymbOS.Mabir)
E:\System\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\CARIBE.SIS (A copy of SymbOS.Mabir)
E:\System\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\CARIBE.APP (A copy of SymbOS.Mabir)
E:\System\Apps\WALLETAVOTA\WALLETAVOTA.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\WALLETAVMGMT\WALLETAVMGMT.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\Voicerecorder\Voicerecorder.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\Vm\Vm.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\VCommand\VCommand.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\Ussd\Ussd.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\ToDo\ToDo.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\Tee222\Tee222.app (A copy of SymbOS.Cabir.G)
E:\System\Apps\Tee222\222.mdl (A copy of SymbOS.Cabir)
E:\System\Apps\SystemExplorer\SystemExplorer.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\SysAp\SysAp.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\Startup\Startup.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\Speeddial\Speeddial.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\SmsViewer\SmsViewer.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\SmsEditor\SmsEditor.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\SmartFileMan\SmartFileMan.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\SimDirectory\SimDirectory.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\Sdn\Sdn.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\ScreenSaver\ScreenSaver.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\SchemeApp\SchemeApp.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\Satui\Satui.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\PushViewer\PushViewer.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\PSLN\PSLN.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\ProvisioningCx\ProvisioningCx.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\ProfileApp\ProfileApp.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\ProfiExplorer\ProfiExplorer.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\PRESENCE\PRESENCE.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\Pinboard\Pinboard.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\Phonebook\Phonebook.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\Phone\Phone.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\OIDI500\OIDI500.app (A copy of SymbOS.Cabir.B)
E:\System\Apps\NSmlDSSync\NSmlDSSync.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\NSmlDMSync\NSmlDMSync.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\NpdViewer\NpdViewer.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\Notepad\Notepad.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\nokiafile\nokiafile.app (A copy of SymbOS.Skulls.D)
E:\System\Apps\MusicPlayer\MusicPlayer.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\MsgMailViewer\MsgMailViewer.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\MsgMailEditor\MsgMailEditor.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\MmsViewer\MmsViewer.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\MmsEditor\MmsEditor.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\MMM\MMM.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\mmcapp\mmcapp.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\Menu\Menu.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\MediaSettings\MediaSettings.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\MediaPlayer\MediaPlayer.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\MediaGallery\MediaGallery.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\mce\mce.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\Logs\Logs.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\location\location.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\install\autoexecdaemon.SIS (A copy of SymbOS.Cabir.C)
E:\System\Apps\ImageViewer\ImageViewer.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\ILoveU\ILU.mdl (A copy of SymbOS.Cabir)
E:\System\Apps\ILoveU\ILoveU.APP (A copy of SymbOS.Cabir)
E:\System\Apps\GS\GS.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\FSECUREANTIVIRUS\FSECUREANTIVIRUS.mdl (A copy of SymbOS.Cabir)
E:\System\Apps\FSECUREANTIVIRUS\FSECUREANTIVIRUS.app (A copy of SymbOS.Cabir.B)
E:\System\Apps\FileView\FileView.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\FileManager\FileManager.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\FExplorer\flo.mdl (A copy of SymbOS.Cabir.Q)
E:\System\Apps\FExplorer\FExplorer.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\efileman\efileman.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\Dictionary\Dictionary.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\DdViewer\DdViewer.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\cshelp\cshelp.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\Converter\Converter.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\ConnectionMonitorUi\ConnectionMonitorUi.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\CodViewer\CodViewer.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\ClockApp\ClockApp.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\Chat\Chat.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\CERTSAVER\CERTSAVER.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\CbsUiApp\CbsUiApp.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\caribe\flo.mdl (A copy of SymbOS.Mabir)
E:\System\Apps\caribe\caribe.app (A copy of SymbOS.Mabir)
E:\System\Apps\Camcorder\Camcorder.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\Calendar\Calendar.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\Calcsoft\Calcsoft.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\bva\bva.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\BtUi\BtUi.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\BTKbInstall\BTKeyboard_Generic_Copy.sis (A copy of SymbOS.Skulls.N)
E:\System\Apps\BTKbInstall\BTKeyboard_Generic.sis (A copy of SymbOS.Skulls.N)
E:\System\Apps\Browser\Browser.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\Autolock\Autolock.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\Appmngr\AppMngr.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\Appinst\AppInst.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\Anti-Virus\FSSched.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\Anti-Virus\FsAVUpdater.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\Anti-Virus\Anti-Virus.aif (A copy of SymbOS.Skulls.C)
E:\System\Apps\About\About.aif (A copy of SymbOS.Skulls.C)
E:\System\RECOGS\YYSBootRec.mdl (A copy of SymbOS.Skulls.D)
E:\System\RECOGS\mod.MDL (A copy of SymbOS.Cabir.F)
E:\System\RECOGS\ILU.mdl (A copy of SymbOS.Cabir)
E:\System\RECOGS\flo.mdl (A copy of SymbOS.Mabir)
E:\System\RECOGS\$$$.MDL (A copy of SymbOS.Cabir.M)
E:\System\Fonts\Kaspersky.gdr (A copy of SymbOS.Fontal.A)
E:\System\Fonts\11x12 euro_fonts.gdr (A copy of SymbOS.Fontal.A)
E:\System\MMS.exe (A copy of SymbOS.Commwarrior.B)
E:\System\infectSIS.exe (A copy of SymbOS.Lasco.A)
E:\System\Apps.com (A copy of EICAR Test String)

Creates the following file:

C:\system\install\Offical Symbian OS Update v80 ® 2005 Symbian Ltd.sis

NOTE: This file is actually created by the phone Installer, not the threat.

Displays the following message:

This Installation was created with KVT Symbian Installer.
Get it free from :
[www].kvtsoft.vze.com/[REMOVED]
by Kheng Vantha
---------------
This is an offical update for the Symbian OS, version 8.0
Its recommended to do this!
Please take some of your time to read this:
Why update:
-Fix known security flaws.
-New functions, options and support for more formats.
-Incrase the opration speed and free more space for your
own files.
-This is an offical update, so its free, it will only cost you some of yor time to do this.
-100% Secure.
This file take some space so we recommend you to free enough space on yor phone,
you should put this installation file in your memory card before installing so you get enough free space on your
hone, so the installation progress will be faster!
Thank you for your support!
about:
Symbian is a software licensing company that develops and supplies the advanced, open, standard operating system
Symbian OS - for data-enabled mobile phones.
2005 Symbian Ltd.

22.07.2007, 21:37   #7 (Permalink)
[SymbianOS] SymbOS.Cardtrp.I

Risk: very low
Type: Trojan horse
Discovered on: 12.12.2005
Also known as: Cardtrap.I [F-Secure], SYMBOS_CARDTRP.G [Trend Micro]

Information:

SymbOS.Cardtrp.I is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones.

It disables some applications installed on the device and drops threats onto the device's memory card, which can compromise computers running Windows.

The Trojan reportedly arrives as CAMERAMAGICA_final_cracked.sis. When a user clicks on this file, the phone installer will display a dialog to warn users that the application may be coming from an untrusted source and may cause potential problems.

Technical details:

When SymbOS.Cardtrp.I is executed, it performs the following actions:
Displays the following message prompting the user to install the .sis file:

Install
CAMERAMAGICA_final_cracked

Drops the following files to disable various applications on the compromised device:

.\Computer Risk.exe (Detected as W32.HLLW.Cydog@mm)
.\fsb.exe, which is a Backdoor.Berbew.N
.\Anti-VirusPack(Pack1).SIS (Detected as SymbOS.Cabir.C)
.\Anti-VirusPack(Pack1)0.SIS (Detected as SymbOS.Cabir.C)
C:\autorun.inf
C:\ETel.dll
C:\etelmm.dll
C:\etelpckt.dll
C:\etelsat.dll
C:\nokia\images\nokias\malaysia\johor\pj\pj\pj\jb\jb\jb\imos\yuan\yuan\yuanyuan\blue\a-team\terence\ownpda\fuyuan.gif
C:\system\apps\Anti-Virus\Anti-Virus.app
C:\system\apps\Anti-Virus\Anti-Virus.rsc
C:\system\apps\Anti-Virus\FSAVDT.exe
C:\system\apps\Anti-Virus\FSAVEPOC.DAT
C:\system\apps\Anti-Virus\FsAVUpdater.app
C:\system\apps\Anti-Virus\FsAVUpdater.rsc
C:\system\apps\AntiVirus\Antivirus.app
C:\system\apps\AntiVirus\Antivirus.rsc
C:\system\apps\AntiVirus\flo.mdl (Detected as SymbOS.Cabir)