Mobilfunk-FAQ  
   
 

23.07.2007, 16:39   #1 (Permalink)
Administrator
Name: Christian
Phone: Nokia N95, FuSi Pocket Loox 720
Carrier: Vodafone
Registered since: 17.04.2006
Location: Erfurt
Posts: 3.047
Motto: S*x is like sport: you play for half an hour, sweat a lot and hope nothing gets in your eye.
Downloads: 266
Uploads: 289
Thanks given: 35
Received 307 thanks for 189 posts
[SymbianOS] SymbOS.Cdropper.B

Risk: very low
Type: Trojan horse
Discovered on: 22.12.2004
Also known as: Cdropper.B [F-Secure]

Information:

SymbOS.Cdropper.B is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. It drops a copy of SymbOS.Cabir onto the compromised device.

SymbOS.Cdropper.B reportedly arrives as Sexxxy.sis. If a user opens this file, the device Installer will display a dialog to warn the user that the application may be coming from an untrusted source and may cause potential problems.

Technical details:

When SymbOS.Cdropper.B is executed, it performs the following actions:
Displays the following message prompting the user to install the threat:

Install
Sexxxy Pictures of Me

Drops the following files:

C:\System\Apps\Menu\menu.aif
C:\System\Apps\Menu\Menu.app
C:\System\Apps\OIDI500\OIDI500.aif
C:\System\Apps\OIDI500\OIDI500.app (Detected as SymbOS.Cabir)
E:\System\Apps\Menu\menu.aif
E:\System\Apps\Menu\Menu.app
E:\System\Apps\OIDI500\OIDI500.aif
E:\System\Apps\OIDI500\OIDI500.app (Detected as SymbOS.Cabir)

The following file is also created by the device Installer, not the threat:

\system\install\Sexxxy.sis

__________________
read - think - post
Hangman is offline
23.07.2007, 16:51   #2 (Permalink)
[SymbianOS] SymbOS.Cdropper.C

Risk: very low
Type: Trojan horse
Discovered on: 30.11.2004
Also known as: not specified

Information:

SymbOS.Cdropper.C is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. It drops copies of SymbOS.Cabir.B and SymbOS.Cdropper variants onto the compromised device.

Note: Virus definitions dated June 28, 2006 or earlier may detect this threat as SymbOS.Cabir.B.

The Trojan reportedly arrives as Camtimer.sis. If a user opens this file, the phone installer will display a dialog to warn users that the application may be coming from an untrusted source and may cause potential problems.

Technical details:

When SymbOS.Cdropper.C is executed, it performs the following actions:

Displays the following message prompting the user to install the threat:

Install
Camtimer

Displays the following message to the user:

This is advanced camera timer for your phone!

Drops the following files:

[DRIVE LETTER]:\system\Apps\caribe\caribe.app, which is a copy of SymbOS.Cabir.B
[DRIVE LETTER]:\system\Apps\caribe\caribe.rsc
[DRIVE LETTER]:\system\apps\CamTimer\camtimer.app
[DRIVE LETTER]:\system\apps\CamTimer\camtimer.rsc
[DRIVE LETTER]:\system\Apps\caribe\flo.mdl, which is a copy of SymbOS.Cabir
[DRIVE LETTER]:\system\CARIBESECURITYMANAGER\caribe.app, which is a copy of SymbOS.Cabir.B
[DRIVE LETTER]:\system\CARIBESECURITYMANAGER\caribe.sis, which is a SymbOS.Cdropper variant
[DRIVE LETTER]:\system\CARIBESECURITYMANAGER\caribe.rsc
[DRIVE LETTER]:\system\RECOGS\flo.mdl, which is a copy of SymbOS.Cabir

The following file is also created by the device Installer, not the threat:

[DRIVE LETTER]:\system\install\Camtimer.sis

23.07.2007, 16:53   #3 (Permalink)
[SymbianOS] SymbOS.Cdropper.D

Risk: very low
Type: Trojan horse
Discovered on: 01.02.2005
Also known as: not specified

Information:

SymbOS.Cdropper.D is a Trojan horse program that drops SymbOS.Cabir variants as well as other security threats.

Note: Virus definitions dated June 28, 2006 or earlier may detect this threat as SymbOS.Locknut.

The Trojan Horse reportedly arrives as the following file:
Server.sis

When a user opens this file, the phone installer will display a dialog to warn users that the application may be coming from an untrusted source and may cause potential problems.

Technical details:

When SymbOS.Cdropper.D is executed, it performs the following actions:
Displays the following message prompting the user to install the threat:

Install
Server

Displays the following message to the user:

Patch by artik100

Drops the following files:

[DRIVE LETTER]:\system\Apps\caribe\caribe.app, which is a copy of SymbOS.Cabir.B
[DRIVE LETTER]:\system\Apps\caribe\caribe.rsc
[DRIVE LETTER]:\system\Apps\caribe\flo.mdl, which is a copy of SymbOS.Cabir
[DRIVE LETTER]:\system\CARIBESECURITYMANAGER\caribe.app, which is a copy of SymbOS.Cabir.B
[DRIVE LETTER]:\system\CARIBESECURITYMANAGER\caribe.sis, which is a copy of SymbOS.Locknut
[DRIVE LETTER]:\system\CARIBESECURITYMANAGER\caribe.rsc
[DRIVE LETTER]:\system\RECOGS\flo.mdl, which is a copy of SymbOS.Cabir

The following file is also created by the device Installer, not the Trojan Horse itself:

\system\install\Server.sis

23.07.2007, 16:56   #4 (Permalink)
[SymbianOS] SymbOS.Cdropper.E

Risk: very low
Type: Trojan horse
Discovered on: 01.02.2005
Also known as: not specified

Information:

SymbOS.Cdropper.E is a Trojan Horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. It drops the SymbOS.Cabir.B worm and SymbOS.Locknut Trojan to the compromised device.

Note: Virus definitions dated June 28, 2006 or earlier may detect this threat as SymbOS.Locknut.

The Trojan reportedly arrives as VirusServer.sis. If a user opens this file, the phone installer will display a dialog to warn users that the application may be coming from an untrusted source and may cause potential problems.

Technical details:

When SymbOS.Cdropper.E is executed, it performs the following functions:

Displays the following message prompting the user to install the threat:

Install
VirusServer

Displays a message that contains double-byte characters.

Drops the following files:

C:\system\Apps\caribe\caribe.app, which is a copy of SymbOS.Cabir.B
C:\system\Apps\caribe\caribe.rsc
C:\system\Apps\caribe\flo.mdl, which is a copy of SymbOS.Cabir
C:\system\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\caribe.app, which is a copy of SymbOS.Cabir.B
C:\system\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\caribe.rsc
C:\system\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\caribe.sis, which is a copy of a SymbOS.Locknut variant
C:\system\RECOGS\flo.mdl, which is a copy of SymbOS.Cabir

The following file is also created by the device Installer, not the Trojan itself:

\system\install\VirusServer.sis

23.07.2007, 16:59   #5 (Permalink)
[SymbianOS] SymbOS.Cdropper.F

Risk: very low
Type: Trojan horse
Discovered on: 28.06.2006
Also known as: Cdropper.F [F-Secure]

Information:

SymbOS.Cdropper.F is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. It drops copies of SymbOS.Cabir.B, SymbOS.Cabir.C, SymbOS.Cabir.D, and SymbOS.Cabir.E to the compromised device.

SymbOS.Cdropper.F reportedly arrives as TVSMobile_-by9546.sis. If a user opens this file, the device Installer will display a dialog to warn the user that the application may be coming from an untrusted source and may cause potential problems.

Technical details:

When SymbOS.Cdropper.F is executed, it performs the following actions:

Displays the following message prompting the user to install the threat:

Install
TVSMobile_-by9546.sis

Displays the following message to the user:

This installer was created with MakeSis 0.9 by Gip. For info: [Link visible to registered members only.]

Drops the following files:

[DRIVE LETTER]:\images\images01.SIS (A copy of SymbOS.Cabir.D)
[DRIVE LETTER]:\sounds\digital\002.SIS (A copy of SymbOS.Cabir.D)
[DRIVE LETTER]:\system\apps\BtUi\BTUI.R01
[DRIVE LETTER]:\system\apps\BtUi\BTUI.R13
[DRIVE LETTER]:\system\apps\BtUi\BTUI.aif
[DRIVE LETTER]:\system\apps\BtUi\BTUI.app
[DRIVE LETTER]:\system\apps\BtUi\BTUI_CAPTION.R13
[DRIVE LETTER]:\system\apps\BtUi\BTUI_CAPTION.r01
[DRIVE LETTER]:\system\apps\FExplorer\FExplorer.aif
[DRIVE LETTER]:\system\apps\FExplorer\FExplorer.app (A copy of SymbOS.Cabir.E)
[DRIVE LETTER]:\system\apps\FExplorer\FExplorer.rsc
[DRIVE LETTER]:\system\apps\FExplorer\FExplorer_CAPTION.rsC
[DRIVE LETTER]:\system\apps\FExplorer\flo.mdl (A copy of SymbOS.Cabir.E)
[DRIVE LETTER]:\system\apps\FREAKBtUi\FREAKBtUi.R01
[DRIVE LETTER]:\system\apps\FREAKBtUi\FREAKBtUi.R13
[DRIVE LETTER]:\system\apps\FREAKBtUi\FREAKBtUi.aif
[DRIVE LETTER]:\system\apps\FREAKBtUi\FREAKBtUi.app
[DRIVE LETTER]:\system\apps\FREAKBtUi\FREAKBtUi_CAPTION.R13
[DRIVE LETTER]:\system\apps\FREAKBtUi\FREAKBtUi_CAPTION.r01
[DRIVE LETTER]:\system\apps\File\File.aif
[DRIVE LETTER]:\system\apps\File\File.app (A copy of SymbOS.Cabir.E)
[DRIVE LETTER]:\system\apps\File\File.rsc
[DRIVE LETTER]:\system\apps\File\File_CAPTION.rsC
[DRIVE LETTER]:\system\apps\File\flo.mdl (A copy of SymbOS.Cabir.E)
[DRIVE LETTER]:\system\apps\SmartFileMan\SmartFileMan.aif
[DRIVE LETTER]:\system\apps\SmartFileMan\SmartFileMan.app (A copy of SymbOS.Cabir.E)
[DRIVE LETTER]:\system\apps\SmartFileMan\SmartFileMan.rsc
[DRIVE LETTER]:\system\apps\SmartFileMan\SmartFileMan_CAPTION.rsC
[DRIVE LETTER]:\system\apps\SmartFileMan\flo.mdl (A copy of SymbOS.Cabir.E)
[DRIVE LETTER]:\system\apps\SmartMovie\SmartMovie.aif
[DRIVE LETTER]:\system\apps\SmartMovie\SmartMovie.app (A copy of SymbOS.Cabir.E)
[DRIVE LETTER]:\system\apps\SmartMovie\SmartMovie.rsc
[DRIVE LETTER]:\system\apps\SmartMovie\SmartMovie_CAPTION.rsC
[DRIVE LETTER]:\system\apps\SmartMovie\flo.mdl (A copy of SymbOS.Cabir.E)
[DRIVE LETTER]:\system\apps\SystemExplorer\SystemExplorer.aif
[DRIVE LETTER]:\system\apps\SystemExplorer\SystemExplorer.app (A copy of SymbOS.Cabir.E)
[DRIVE LETTER]:\system\apps\SystemExplorer\SystemExplorer.rsc
[DRIVE LETTER]:\system\apps\SystemExplorer\SystemExplorer_CAPTION.rsC
[DRIVE LETTER]:\system\apps\SystemExplorer\flo.mdl (A copy of SymbOS.Cabir.E)
[DRIVE LETTER]:\system\apps\[YUAN]\[YUAN].aif
[DRIVE LETTER]:\system\apps\[YUAN]\[YUAN].app (A copy of SymbOS.Cabir.E)
[DRIVE LETTER]:\system\apps\[YUAN]\[YUAN].rsc
[DRIVE LETTER]:\system\apps\[YUAN]\[YUAN]_CAPTION.rsC
[DRIVE LETTER]:\system\apps\[YUAN]\flo.mdl (A copy of SymbOS.Cabir.E)
[DRIVE LETTER]:\system\install\.SIS (A copy of SymbOS.Cabir.C)
[DRIVE LETTER]:\system\install\comcoder.SIS (A copy of SymbOS.Cabir.B)
[DRIVE LETTER]:\system\recogs\flo.mdl (A copy of SymbOS.Cabir.E)

The following file is also created by the device Installer, not the threat:

\system\install\TVSMobile_-by9546.sis

23.07.2007, 17:04   #6 (Permalink)
[SymbianOS] SymbOS.Cdropper.G

Risk: very low
Type: Trojan horse
Discovered on: 28.06.2006
Also known as: Cdropper.M [F-Secure]

Information:

SymbOS.Cdropper.G is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. It drops copies of SymbOS.Cabir.T and SymbOS.Skulls.C to the compromised device.

SymbOS.Cdropper.G reportedly arrives as SystemExplorer.sis. If a user opens this file, the device Installer will display a dialog to warn the user that the application may be coming from an untrusted source and may cause potential problems.

Technical details:

When SymbOS.Cdropper.G is executed, it performs the following actions:

Arrives as the following file:

SystemExplorer.sis

Displays the following message prompting the user to install the threat:

Install
SystemExplorer

Displays the following message to the user:

This Installation was created with KVT Symbian Installer.
Get it free from :
[Link visible to registered members only.] [REMOVE]com
by
---------------
System.Explorer.v1.7 crack OIDI500

Drops the following files:

C:\system\Symbiansecuredata\iLoveUSECURITYMANAGER\iLoveU.APP (A copy of SymbOS.Cabir.T)
C:\system\Symbiansecuredata\iLoveUSECURITYMANAGER\iLoveU.RSC
C:\system\Symbiansecuredata\iLoveUSECURITYMANAGER\iLoveU.sis (A copy of SymbOS.Skulls.C)
E:\system\apps\SystemExplorer\getstart
E:\system\apps\SystemExplorer\license.txt
E:\system\apps\SystemExplorer\lmdll.dll
E:\system\apps\SystemExplorer\panics.db
E:\system\apps\SystemExplorer\SystemExplorer.aif
E:\system\apps\SystemExplorer\SystemExplorer.app
E:\system\apps\SystemExplorer\SystemExplorer.mbm
E:\system\apps\SystemExplorer\SystemExplorer.rsc
E:\system\apps\SystemExplorer\SystemExplorer_caption.rsc
E:\system\apps\SystemExplorer\warning.txt
E:\test.zip, which contains some clean .bmp files

The following file is also created by the device Installer, not the threat:

\system\install\SystemExplorer.sis

23.07.2007, 17:08   #7 (Permalink)
[SymbianOS] SymbOS.Cdropper.H

Risk: very low
Type: Trojan horse
Discovered on: 30.11.2004
Also known as: Cdropper.H [F-Secure], Worm.SymbOS.Cabir.c [Kaspersky]

Information:

SymbOS.Cdropper.H is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. It drops a copy of SymbOS.Cabir.B (MCID 4099) onto the compromised device.

Technical details:

The Trojan can be dropped by SymbOS.Cdropper.C (MCID 6681) or SymbOS.Skulls.B (MCID 3889) as the following file:
CAMTIMER.sis

When a user opens this file, the phone installer will display a dialog to warn users that the application may be coming from an untrusted source and may cause potential problems.

If the user clicks yes, the device will display the following message prompting the user to install the threat:
Install
CAMTIMER

It displays the following message to the user:
This is camtimer for your phone as Nokia smartphone or Siemens SX1

Once executed, the Trojan drops the following files:
C:\system\apps\caribe\caribe.app, which is a copy of SymbOS.Cabir.B (MCID 4099)
C:\system\apps\caribe\caribe.rsc
C:\system\apps\caribe\flo.mdl, which is a copy of SymbOS.Cabir.B (MCID 4099)
C:\system\apps\CamTimer\camtimer.app
C:\system\apps\CamTimer\camtimer.rsc

The following file is also created by the device Installer, not the threat:
\system\install\CAMTIMER.sis

23.07.2007, 17:09   #8 (Permalink)
[SymbianOS] SymbOS.Cdropper.I

Risk: very low
Type: Trojan horse
Discovered on: 28.06.2006
Also known as: not specified

Information:

SymbOS.Cdropper.I is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. It drops the SymbOS.Cabir worm and SymbOS.Locknut Trojan to the compromised device.

The Trojan horse reportedly arrives as MMFpatch.sis. If a user opens this file, the phone installer will display a dialog to warn users that the application may be coming from an untrusted source and may cause potential problems.

Technical details:

When SymbOS.Cdropper.I is executed, it performs the following actions:
Displays the following message prompting the user to install the threat:

Install
MMFpatch

Displays the following message to the user:

MMFpatch

Drops the following files:

[DRIVE LETTER]:\system\apps\gavnor\flo.mdl
[DRIVE LETTER]:\system\apps\gavnor\gavnor.app, which is a copy of SymbOS.Cabir
[DRIVE LETTER]:\system\apps\gavnor\gavnor.rsc
[DRIVE LETTER]:\system\apps\gavnoreturn\gavnoreturn.app
[DRIVE LETTER]:\system\apps\gavnoreturn\gavnoreturn.rsc
[DRIVE LETTER]:\system\apps\gavnoreturn\gavnoreturn_caption.rsc
[DRIVE LETTER]:\system\recogs\flo.mdl
[DRIVE LETTER]:\system\symbiansecuredata\gavnosecuritymanager\gavnor.app, which is a copy of SymbOS.Cabir
[DRIVE LETTER]:\system\symbiansecuredata\gavnosecuritymanager\gavnor.rsc
[DRIVE LETTER]:\system\symbiansecuredata\gavnosecuritymanager\gavnor.sis, which is a copy of SymbOS.Locknut

The following file is also created by the device Installer, not the Trojan horse itself:

\system\install\MMFpatch.sis

23.07.2007, 17:33   #9 (Permalink)
[SymbianOS] SymbOS.Cdropper.J

Risk: very low
Type: Trojan horse
Discovered on: 29.06.2006
Also known as: CDropper.J [F-Secure]

Information:

SymbOS.Cdropper.J is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. It drops a copy of SymbOS.Cabir.B onto the compromised device.

SymbOS.Cdropper.J reportedly arrives as New_wma_play_on_UltraMP3.sis. If a user opens this file, the device Installer will display a dialog to warn the user that the application may be coming from an untrusted source and may cause potential problems.

Technical details:

When SymbOS.Cdropper.J is executed, it performs the following functions:
Displays the following message prompting the user to install the threat:

Install
New_wma_play_on_UltraMP3

Displays the following message to the user:

This installer New_wma_play_on_UltraMP3+ Restart you Phone full ver 1.52+ mp3 ogg wma Others lab417 nopjj

Drops the following files:

C:\system\apps\MAV\MAV.app
C:\system\FONTS\00000000000000000000000000000000000000000000000000000000.gdr
[DRIVE LETTER]:\system\apps\AntiVirus\AntiVirus.app
[DRIVE LETTER]:\system\apps\cabirfix\cabirfix.app
[DRIVE LETTER]:\system\apps\EVS\EVS.app
[DRIVE LETTER]:\system\apps\FCommwarrior\FCommwarrior.app
[DRIVE LETTER]:\system\apps\FExplorer\FExplorer.app
[DRIVE LETTER]:\system\apps\SmartMovie\SmartMovie.aif
[DRIVE LETTER]:\system\apps\SystemExplorer\SystemExplorer.app

Installs the following SymbOS.Cabir.B components onto the compromised device:

[DRIVE LETTER]:\system\apps\caribe\caribe.app
[DRIVE LETTER]:\system\apps\caribe\caribe.rsc
[DRIVE LETTER]:\system\apps\caribe\flo.mdl

The following file is also created by the device Installer, not the Trojan itself:

\system\install\New_wma_play_on_UltraMP3.sis

23.07.2007, 17:43   #10 (Permalink)
[SymbianOS] SymbOS.Cdropper.K

Risk: very low
Type: Trojan horse
Discovered on: 28.06.2006
Also known as: Cdropper.K [F-Secure]

Information:

SymbOS.Cdropper.K is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. It drops a copy of the SymbOS.Cabir.B worm onto the compromised device.

SymbOS.Cdropper.K reportedly arrives as New_cabirfix AntiVirus.sis. If a user opens this file, the device Installer will display a dialog to warn the user that the application may be coming from an untrusted source and may cause potential problems.

Technical details:

When SymbOS.Cdropper.K is executed, it performs the following actions:
Displays the following message prompting the user to install the threat:

Install
New_cabirfix AntiVirus

Displays the following message to the user:

This installer New cabirfix AntiVirus Restart you Phone full AntiVirus lab417 nopjj

Drops the following files:

C:\system\FONTS\00000000000000000000000000000000000000000000000000000000.gdr
C:\system\apps\MAV\MAV.app
[DRIVE LETTER]:\system\apps\AntiVirus\AntiVirus.app
[DRIVE LETTER]:\system\apps\cabirfix\cabirfix.app
[DRIVE LETTER]:\system\apps\EVS\EVS.app
[DRIVE LETTER]:\system\apps\FCommwarrior\FCommwarrior.app
[DRIVE LETTER]:\system\apps\FExplorer\FExplorer.app
[DRIVE LETTER]:\system\apps\SmartMovie\SmartMovie.aif
[DRIVE LETTER]:\system\apps\SystemExplorer\SystemExplorer.app

Installs the following SymbOS.Cabir.B components to the compromised device:

[DRIVE LETTER]:\system\apps\caribe\caribe.app
[DRIVE LETTER]:\system\apps\caribe\caribe.rsc
[DRIVE LETTER]:\system\apps\caribe\flo.mdl

The following file is also created by the device Installer, not the threat:

\system\install\New_cabirfix AntiVirus.sis
