[SymbianOS] SymbOS.Commdropper - Mobilfunk-FAQ

Hangman · 23.07.2007, 18:25

Risiko: sehr gering
Typ: Trojanisches Pferd
entdeckt am: 17.05.2006
auch bekannt als: keine Angabe

Information:

SymbOS.Commdropper.A is a Trojan horse that affects Symbian series 60 phones. The Trojan drops SymbOS.Commwarrior.F onto the compromised device.

technische Details:

It has been reported that the Trojan arrives as the following file:
Update TomTom Mobile 5.40.sis

When a user opens this file, the phone installer will display a dialog to warn users that the application may be coming from an untrusted source and may cause potential problems. If the user clicks yes, the device will display the following message prompting the user to install the threat:

Install
Update TomTom Mobile 5.40

When SymbOS.Commdropper.A is executed, it performs the following actions:
May display the following message when installed:

In order to update the application of its movable device, memory card recorder must have lector/una. Microsoft ActiveSync?, Sony Ericsson PC suite or Nokia PC cannot be used Suite to install this update. We recommended to him encarecidamente that it makes a backup of its memory card of TomTom MOBILE before installing the new application. The following passages of update of the application include a passage for the accomplishment of a backup. No of the following steps skips.

Cracked & Updated by [REMOVED]. (The life is a way. You do not
lose yourself. )

Drops the following files:

[DRIVE LETTER]\system\apps\TTMOBILE\CurrentMap.dat
[DRIVE LETTER]\system\apps\TTMOBILE\Game.cfg
[DRIVE LETTER]\system\apps\TTMOBILE\TREMOR.dll
[DRIVE LETTER]\system\apps\TTMOBILE\TTMOBILE.APP
[DRIVE LETTER]\system\apps\TTMOBILE\TTMOBILE.APP_org
[DRIVE LETTER]\system\apps\TTMOBILE\TTMOBILE.RSC
[DRIVE LETTER]\system\apps\TTMOBILE\TTMOBILE.aif
[DRIVE LETTER]\system\apps\TTMOBILE\TTMOBILE.mbm
[DRIVE LETTER]\system\apps\TTNCONTACTS\RecQWRD.mdl
[DRIVE LETTER]\system\apps\TTNCONTACTS\TTNCONTACTS.exe (A copy of SymbOS.Commwarrior.F.)

Note:
The [DRIVE LETTER] variable refers to the drive letter that is used to represent the device itself or the memory card. The actual value will depend on the choice the user makes during the installation process.
The following file is also created by the device Installer, not the Trojan itself:

[DRIVE LETTER]\system\install\Update TomTom Mobile 5.40.sis

[Link nur für registrierte Mitglieder sichtbar.]

Hangman · 23.07.2007, 18:27

Risiko: sehr gering
Typ: Trojanisches Pferd
entdeckt am: 18.05.2006
auch bekannt als: keine Angabe

Information:

SymbOS.Commdropper.B is a Trojan horse that affects the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. The Trojan drops several SymbOS.Commwarrior variants on the compromised device.

The Trojan reportedly arrives as SymbWarriorz.sis. When a user opens this file, the phone installer will display a dialog to warn users that the application may be coming from an untrusted source and may cause potential problems.

technische Details:

When SymbOS.Commdropper.B is executed, it performs the following actions:
Display the following message prompting the user to install the threat:

Install
SymbWarriorz

Drops the following files:

[DRIVE LETTER]\System\apps\CommWarrior\commrec.mdl (which is detected as SymbOS.Commwarrior.A)
[DRIVE LETTER]\System\apps\CommWarrior\commwarrior.exe (which is detected as SymbOS.Commwarrior.A)
[DRIVE LETTER]\System\apps\MusicPlayer\Inition.mdl (which is detected as SymbOS.Commwarrior.D)
[DRIVE LETTER]\System\apps\MusicPlayer\MusicPlayer.exe (which is detected as SymbOS.Commwarrior.D)
[DRIVE LETTER]\System\programs\cworec.mdl (which is detected as SymbOS.Commwarrior.C)
[DRIVE LETTER]\System\programs\cwoutcast.exe (which is detected as SymbOS.Commwarrior.C)

The following file is also created by the device Installer, not the Trojan itself:

\System\install\SymbWarriorz.sis

[Link nur für registrierte Mitglieder sichtbar.]

Hangman · 23.07.2007, 18:46

Risiko: sehr gering
Typ: Trojanisches Pferd
entdeckt am: 17.05.2006
auch bekannt als: keine Angabe

Information:

SymbOS.Commdropper.C is a Trojan horse that affects Symbian series 60 phones. The Trojan drops SymbOS.Commwarrior.D on the compromised device.

technische Details:

The Trojan reportedly arrives as the following file:

Mp3 UltraDJ.sis

When a user opens this file, the phone installer will display a dialog to warn users that the application may be coming from an untrusted source and may cause potential problems. If the user clicks yes, the device will display the following message prompting the user to install the threat:

Install
Mp3 UltraDJ

When SymbOS.Commdropper.C is executed, it performs the following actions:
Drops the following files:

[DRIVE LETTER]\system\apps\UltraMp3\czech.txt
[DRIVE LETTER]\system\apps\UltraMp3\english.txt
[DRIVE LETTER]\system\apps\UltraMp3\res\font.pcx
[DRIVE LETTER]\system\apps\UltraMp3\res\skin.ini
[DRIVE LETTER]\system\apps\UltraMp3\res\skin.pcx
[DRIVE LETTER]\system\apps\UltraMp3\res\spr.pcx
[DRIVE LETTER]\system\apps\UltraMp3\res\spr.txt
[DRIVE LETTER]\system\apps\UltraMp3\res\spr_a.pcx
[DRIVE LETTER]\system\apps\UltraMp3\res\spr_logo.pcx
[DRIVE LETTER]\system\apps\UltraMp3\res\spr_logo.txt
[DRIVE LETTER]\system\apps\UltraMp3\res\spr_logo_a.pcx
[DRIVE LETTER]\system\apps\UltraMp3\res\UltraDemo.mp3
[DRIVE LETTER]\system\apps\UltraMp3\res\UltraDemo.s3m
[DRIVE LETTER]\system\apps\UltraMp3\Skins\Ferrari.mp3skin
[DRIVE LETTER]\system\apps\UltraMp3\Skins\Technic.mp3skin
[DRIVE LETTER]\system\apps\UltraMp3\Skins\Tiger.mp3skin
[DRIVE LETTER]\system\apps\UltraMp3\UltraMP3.aif
[DRIVE LETTER]\system\apps\UltraMp3\UltraMP3.app
[DRIVE LETTER]\system\apps\UltraMp3\UltraMP3.rsc
[DRIVE LETTER]\system\apps\UltraPlayer\Inition.mdl
[DRIVE LETTER]\system\recogs\UltraMP3Rec.mdl
[DRIVE LETTER]\system\apps\UltraPlayer\UltraPlayer.exe (A copy of SymbOS.Commwarrior.D.)

Note:
The [DRIVE LETTER] variable refers to the drive letter that is used to represent the device itself or the memory card. The actual value will depend on the choice the user makes during the installation process.
The following file is also created by the device Installer, not the Trojan itself:

\system\install\Mp3 UltraDJ.sis

[Link nur für registrierte Mitglieder sichtbar.]

Hangman · 23.07.2007, 18:48

Risiko: sehr gering
Typ: Trpjanisches Pferd
entdeckt am: 05.06.2005
auch bekannt als: SymbOS.Commdropper.D

Information:

SymbOS.Commdropper.D is a Trojan horse that affects Symbian series 60 phones. The Trojan drops SymbOS.Commwarrior.D on the compromised device.

technische Details:

The Trojan reportedly arrives as the following file:

SanValentin.sis

When the user opens this file, the phone installer displays a dialog box to warn the users that the application may be coming from an untrusted source and may cause potential problems. If the user clicks yes, the device displays the following message prompting the user to install the threat:

Install
Te Quiero

When SymbOS.Commdropper.D is executed, it performs the following actions:

Displays the following during installtion:

Alguien a quien le importas te ha mandado
un beso.

Por algo sera...

Drops the following files:

[DRIVELETTER]\system\apps\Filexplorer\Filexplorer.exe (A copy of SymbOS.Commwarrior.D)
[DRIVELETTER]\system\apps\Filexplorer\Systems.mdl
[DRIVELETTER]\system\Kissme.gif

Note: The following file is also created by the device installer, not the Trojan itself:

\system\install\SanValentin.sis

[Link nur für registrierte Mitglieder sichtbar.]

Hangman · 23.07.2007, 18:50

Risiko: sehr gering
Typ: Trojanisches Pferd
entdeckt am: 23.06.2006
auch bekannt als: Commdropper.C [F-Secure]

Information:

SymbOS.Commdropper.F is a Trojan horse that affects Symbian series 60 phones. The Trojan drops SymbOS.Commwarrior.N on the compromised device.

technische Details:

The Trojan reportedly arrives as the following file:

FileXplorer.sis

When the user opens this file, the phone installer displays a dialog box to warn the users that the application may be coming from an untrusted source and may cause potential problems. If the user clicks yes, the device displays the following message prompting the user to install the threat:

Install
F-Explorer 1.6

When SymbOS.Commdropper.F is executed, it performs the following actions:

Displays the following message to the user:

FileXplorer 1.06 for Symbian SmartPhones. Explorer of archives free. Cracked by XBINPDA!

Drops the following files:

[DRIVE LETTER]:\system\apps\Filexplorer\Filexplorer.exe (A copy of SymbOS.Commwarrior.N)
[DRIVE LETTER]:\system\apps\Filexplorer\Systems.mdl

Note: The following file is also created by the device installer, not the Trojan itself:

\system\install\FileXplorer.sis

[Link nur für registrierte Mitglieder sichtbar.]

Hangman · 23.07.2007, 18:53

Risiko: sehr gering
Typ: Trojanisches Pferd
entdeckt am: 22.06.2006
auch bekannt als: Commdropper.H [F-Secure]

Information:

SymbOS.Commdropper.G is a Trojan horse that affects Symbian series 60 phones. The Trojan drops SymbOS.Commwarrior.F on the compromised device.

technische Details:

The Trojan reportedly arrives as the following file:

Ximpda.sis

When the user opens this file, the phone installer displays a dialog box to warn the users that the application may be coming from an untrusted source and may cause potential problems. If the user clicks yes, the device displays the following message prompting the user to install the threat:

Install
Mobiluck 5.73 Cracked

When SymbOS.Commdropper.G is executed, it performs the following actions:

Displays the following message to the user:

Today, with MobiLuck you can already:
Detect all nearby Bluetooth devices. Your cell phone rings or [REMOVED].
Save time in public transportations and lines, enjoy cities and museums?
and many other things

Drops the following files:

c:\etel.dll
c:\system\apps\TTNCONTACTS\RecQWRD.mdl
c:\system\apps\TTNCONTACTS\TTNCONTACTS.exe (A copy of SymbOS.Commwarrior.F)

Note: The following file is also created by the device installer, not the Trojan itself:

\system\install\Ximpda.sis

[Link nur für registrierte Mitglieder sichtbar.]

Hangman · 23.07.2007, 18:55

Risiko: sehr gering
Typ: Trojanisches Pferd
entdeckt am: 07.07.2006
auch bekannt als: keine Angabe

Information:

SymbOS.Commdropper.H is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. It installs SymbOS.Commwarrior!dam and SymbOS.Skulls onto the compromised device.

When a user opens the Trojan .sis file, the phone installer will display a dialog to warn users that the application may be coming from an untrusted source and may cause potential problems.

technische Details:

Once SymbOS.Commdropper.H is installed, the Trojan performs the following actions:
Displays the following message:

Install
BangBus X Films

Displays the following message:

March 22 The Story, by D. WMarrior (BangBus Brother)
It's been a long time coming!!! Dongzilla hims [REMOVED] to feel bad for her.... or make the most of the situation for all of
you guys out there... EXACTLY!

Drops the following files:

C:\System\Apps\VideoPlayer\VideoPlayer.app (A copy of SymbOS.Skulls)
C:\Videos\Bang\LeslieNudes\LeslieLoves.3gp (A copy of SymbOS.Commwarrior!dam)
C:\Videos\Bang\LeslieNudes\RecQWRD.mdl

The device installer also copies the Trojan .sis file into\system\install folder.

[Link nur für registrierte Mitglieder sichtbar.]

23.07.2007, 18:25	#1 (Permalink)
Hangman Administrator Name: Christian Handy: Nokia N95, FuSi Pocket Loox 720 Netzbetreiber: Vodafone Avatare sind nur für MFF-Mitglieder sichtbar! Bike Mania Champion! Registriert seit: 17.04.2006 Ort: Erfurt Beiträge: 3.256 Motto: S*x ist wie Sport: Man spielt 'ne halbe Stunde, schwitzt viel und hofft, daß man nichts ins Auge bekommt. Downloads: 318 Uploads: 308 Abgegebene Danke: 41 Erhielt 408 Danke für 228 Beiträge	[SymbianOS] SymbOS.Commdropper.A Risiko: sehr gering Typ: Trojanisches Pferd entdeckt am: 17.05.2006 auch bekannt als: keine Angabe Information: SymbOS.Commdropper.A is a Trojan horse that affects Symbian series 60 phones. The Trojan drops SymbOS.Commwarrior.F onto the compromised device. technische Details: It has been reported that the Trojan arrives as the following file: Update TomTom Mobile 5.40.sis When a user opens this file, the phone installer will display a dialog to warn users that the application may be coming from an untrusted source and may cause potential problems. If the user clicks yes, the device will display the following message prompting the user to install the threat: Install Update TomTom Mobile 5.40 When SymbOS.Commdropper.A is executed, it performs the following actions: May display the following message when installed: In order to update the application of its movable device, memory card recorder must have lector/una. Microsoft ActiveSync?, Sony Ericsson PC suite or Nokia PC cannot be used Suite to install this update. We recommended to him encarecidamente that it makes a backup of its memory card of TomTom MOBILE before installing the new application. The following passages of update of the application include a passage for the accomplishment of a backup. No of the following steps skips. Cracked & Updated by [REMOVED]. (The life is a way. You do not lose yourself. ) Drops the following files: [DRIVE LETTER]\system\apps\TTMOBILE\CurrentMap.dat [DRIVE LETTER]\system\apps\TTMOBILE\Game.cfg [DRIVE LETTER]\system\apps\TTMOBILE\TREMOR.dll [DRIVE LETTER]\system\apps\TTMOBILE\TTMOBILE.APP [DRIVE LETTER]\system\apps\TTMOBILE\TTMOBILE.APP_org [DRIVE LETTER]\system\apps\TTMOBILE\TTMOBILE.RSC [DRIVE LETTER]\system\apps\TTMOBILE\TTMOBILE.aif [DRIVE LETTER]\system\apps\TTMOBILE\TTMOBILE.mbm [DRIVE LETTER]\system\apps\TTNCONTACTS\RecQWRD.mdl [DRIVE LETTER]\system\apps\TTNCONTACTS\TTNCONTACTS.exe (A copy of SymbOS.Commwarrior.F.) Note: The [DRIVE LETTER] variable refers to the drive letter that is used to represent the device itself or the memory card. The actual value will depend on the choice the user makes during the installation process. The following file is also created by the device Installer, not the Trojan itself: [DRIVE LETTER]\system\install\Update TomTom Mobile 5.40.sis [Link nur für registrierte Mitglieder sichtbar.] __________________ lesen - denken - posten

23.07.2007, 18:27	#2 (Permalink)
Hangman Administrator Name: Christian Handy: Nokia N95, FuSi Pocket Loox 720 Netzbetreiber: Vodafone Avatare sind nur für MFF-Mitglieder sichtbar! Bike Mania Champion! Registriert seit: 17.04.2006 Ort: Erfurt Beiträge: 3.256 Motto: S*x ist wie Sport: Man spielt 'ne halbe Stunde, schwitzt viel und hofft, daß man nichts ins Auge bekommt. Downloads: 318 Uploads: 308 Abgegebene Danke: 41 Erhielt 408 Danke für 228 Beiträge	[SymbianOS] SymbOS.Commdropper.B Risiko: sehr gering Typ: Trojanisches Pferd entdeckt am: 18.05.2006 auch bekannt als: keine Angabe Information: SymbOS.Commdropper.B is a Trojan horse that affects the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. The Trojan drops several SymbOS.Commwarrior variants on the compromised device. The Trojan reportedly arrives as SymbWarriorz.sis. When a user opens this file, the phone installer will display a dialog to warn users that the application may be coming from an untrusted source and may cause potential problems. technische Details: When SymbOS.Commdropper.B is executed, it performs the following actions: Display the following message prompting the user to install the threat: Install SymbWarriorz Drops the following files: [DRIVE LETTER]\System\apps\CommWarrior\commrec.mdl (which is detected as SymbOS.Commwarrior.A) [DRIVE LETTER]\System\apps\CommWarrior\commwarrior.exe (which is detected as SymbOS.Commwarrior.A) [DRIVE LETTER]\System\apps\MusicPlayer\Inition.mdl (which is detected as SymbOS.Commwarrior.D) [DRIVE LETTER]\System\apps\MusicPlayer\MusicPlayer.exe (which is detected as SymbOS.Commwarrior.D) [DRIVE LETTER]\System\programs\cworec.mdl (which is detected as SymbOS.Commwarrior.C) [DRIVE LETTER]\System\programs\cwoutcast.exe (which is detected as SymbOS.Commwarrior.C) The following file is also created by the device Installer, not the Trojan itself: \System\install\SymbWarriorz.sis [Link nur für registrierte Mitglieder sichtbar.] __________________ lesen - denken - posten

23.07.2007, 18:46	#3 (Permalink)
Hangman Administrator Name: Christian Handy: Nokia N95, FuSi Pocket Loox 720 Netzbetreiber: Vodafone Avatare sind nur für MFF-Mitglieder sichtbar! Bike Mania Champion! Registriert seit: 17.04.2006 Ort: Erfurt Beiträge: 3.256 Motto: S*x ist wie Sport: Man spielt 'ne halbe Stunde, schwitzt viel und hofft, daß man nichts ins Auge bekommt. Downloads: 318 Uploads: 308 Abgegebene Danke: 41 Erhielt 408 Danke für 228 Beiträge	[SymbianOS] SymbOS.Commdropper.C Risiko: sehr gering Typ: Trojanisches Pferd entdeckt am: 17.05.2006 auch bekannt als: keine Angabe Information: SymbOS.Commdropper.C is a Trojan horse that affects Symbian series 60 phones. The Trojan drops SymbOS.Commwarrior.D on the compromised device. technische Details: The Trojan reportedly arrives as the following file: Mp3 UltraDJ.sis When a user opens this file, the phone installer will display a dialog to warn users that the application may be coming from an untrusted source and may cause potential problems. If the user clicks yes, the device will display the following message prompting the user to install the threat: Install Mp3 UltraDJ When SymbOS.Commdropper.C is executed, it performs the following actions: Drops the following files: [DRIVE LETTER]\system\apps\UltraMp3\czech.txt [DRIVE LETTER]\system\apps\UltraMp3\english.txt [DRIVE LETTER]\system\apps\UltraMp3\res\font.pcx [DRIVE LETTER]\system\apps\UltraMp3\res\skin.ini [DRIVE LETTER]\system\apps\UltraMp3\res\skin.pcx [DRIVE LETTER]\system\apps\UltraMp3\res\spr.pcx [DRIVE LETTER]\system\apps\UltraMp3\res\spr.txt [DRIVE LETTER]\system\apps\UltraMp3\res\spr_a.pcx [DRIVE LETTER]\system\apps\UltraMp3\res\spr_logo.pcx [DRIVE LETTER]\system\apps\UltraMp3\res\spr_logo.txt [DRIVE LETTER]\system\apps\UltraMp3\res\spr_logo_a.pcx [DRIVE LETTER]\system\apps\UltraMp3\res\UltraDemo.mp3 [DRIVE LETTER]\system\apps\UltraMp3\res\UltraDemo.s3m [DRIVE LETTER]\system\apps\UltraMp3\Skins\Ferrari.mp3skin [DRIVE LETTER]\system\apps\UltraMp3\Skins\Technic.mp3skin [DRIVE LETTER]\system\apps\UltraMp3\Skins\Tiger.mp3skin [DRIVE LETTER]\system\apps\UltraMp3\UltraMP3.aif [DRIVE LETTER]\system\apps\UltraMp3\UltraMP3.app [DRIVE LETTER]\system\apps\UltraMp3\UltraMP3.rsc [DRIVE LETTER]\system\apps\UltraPlayer\Inition.mdl [DRIVE LETTER]\system\recogs\UltraMP3Rec.mdl [DRIVE LETTER]\system\apps\UltraPlayer\UltraPlayer.exe (A copy of SymbOS.Commwarrior.D.) Note: The [DRIVE LETTER] variable refers to the drive letter that is used to represent the device itself or the memory card. The actual value will depend on the choice the user makes during the installation process. The following file is also created by the device Installer, not the Trojan itself: \system\install\Mp3 UltraDJ.sis [Link nur für registrierte Mitglieder sichtbar.] __________________ lesen - denken - posten

23.07.2007, 18:48	#4 (Permalink)
Hangman Administrator Name: Christian Handy: Nokia N95, FuSi Pocket Loox 720 Netzbetreiber: Vodafone Avatare sind nur für MFF-Mitglieder sichtbar! Bike Mania Champion! Registriert seit: 17.04.2006 Ort: Erfurt Beiträge: 3.256 Motto: S*x ist wie Sport: Man spielt 'ne halbe Stunde, schwitzt viel und hofft, daß man nichts ins Auge bekommt. Downloads: 318 Uploads: 308 Abgegebene Danke: 41 Erhielt 408 Danke für 228 Beiträge	[SymbianOS] SymbOS.Commdropper.D Risiko: sehr gering Typ: Trpjanisches Pferd entdeckt am: 05.06.2005 auch bekannt als: SymbOS.Commdropper.D Information: SymbOS.Commdropper.D is a Trojan horse that affects Symbian series 60 phones. The Trojan drops SymbOS.Commwarrior.D on the compromised device. technische Details: The Trojan reportedly arrives as the following file: SanValentin.sis When the user opens this file, the phone installer displays a dialog box to warn the users that the application may be coming from an untrusted source and may cause potential problems. If the user clicks yes, the device displays the following message prompting the user to install the threat: Install Te Quiero When SymbOS.Commdropper.D is executed, it performs the following actions: Displays the following during installtion: Alguien a quien le importas te ha mandado un beso. Por algo sera... Drops the following files: [DRIVELETTER]\system\apps\Filexplorer\Filexplorer.exe (A copy of SymbOS.Commwarrior.D) [DRIVELETTER]\system\apps\Filexplorer\Systems.mdl [DRIVELETTER]\system\Kissme.gif Note: The following file is also created by the device installer, not the Trojan itself: \system\install\SanValentin.sis [Link nur für registrierte Mitglieder sichtbar.] __________________ lesen - denken - posten

23.07.2007, 18:50	#5 (Permalink)
Hangman Administrator Name: Christian Handy: Nokia N95, FuSi Pocket Loox 720 Netzbetreiber: Vodafone Avatare sind nur für MFF-Mitglieder sichtbar! Bike Mania Champion! Registriert seit: 17.04.2006 Ort: Erfurt Beiträge: 3.256 Motto: S*x ist wie Sport: Man spielt 'ne halbe Stunde, schwitzt viel und hofft, daß man nichts ins Auge bekommt. Downloads: 318 Uploads: 308 Abgegebene Danke: 41 Erhielt 408 Danke für 228 Beiträge	[SymbianOS] SymbOS.Commdropper.F Risiko: sehr gering Typ: Trojanisches Pferd entdeckt am: 23.06.2006 auch bekannt als: Commdropper.C [F-Secure] Information: SymbOS.Commdropper.F is a Trojan horse that affects Symbian series 60 phones. The Trojan drops SymbOS.Commwarrior.N on the compromised device. technische Details: The Trojan reportedly arrives as the following file: FileXplorer.sis When the user opens this file, the phone installer displays a dialog box to warn the users that the application may be coming from an untrusted source and may cause potential problems. If the user clicks yes, the device displays the following message prompting the user to install the threat: Install F-Explorer 1.6 When SymbOS.Commdropper.F is executed, it performs the following actions: Displays the following message to the user: FileXplorer 1.06 for Symbian SmartPhones. Explorer of archives free. Cracked by XBINPDA! Drops the following files: [DRIVE LETTER]:\system\apps\Filexplorer\Filexplorer.exe (A copy of SymbOS.Commwarrior.N) [DRIVE LETTER]:\system\apps\Filexplorer\Systems.mdl Note: The following file is also created by the device installer, not the Trojan itself: \system\install\FileXplorer.sis [Link nur für registrierte Mitglieder sichtbar.] __________________ lesen - denken - posten

23.07.2007, 18:53	#6 (Permalink)
Hangman Administrator Name: Christian Handy: Nokia N95, FuSi Pocket Loox 720 Netzbetreiber: Vodafone Avatare sind nur für MFF-Mitglieder sichtbar! Bike Mania Champion! Registriert seit: 17.04.2006 Ort: Erfurt Beiträge: 3.256 Motto: S*x ist wie Sport: Man spielt 'ne halbe Stunde, schwitzt viel und hofft, daß man nichts ins Auge bekommt. Downloads: 318 Uploads: 308 Abgegebene Danke: 41 Erhielt 408 Danke für 228 Beiträge	[SymbianOS] SymbOS.Commdropper.G Risiko: sehr gering Typ: Trojanisches Pferd entdeckt am: 22.06.2006 auch bekannt als: Commdropper.H [F-Secure] Information: SymbOS.Commdropper.G is a Trojan horse that affects Symbian series 60 phones. The Trojan drops SymbOS.Commwarrior.F on the compromised device. technische Details: The Trojan reportedly arrives as the following file: Ximpda.sis When the user opens this file, the phone installer displays a dialog box to warn the users that the application may be coming from an untrusted source and may cause potential problems. If the user clicks yes, the device displays the following message prompting the user to install the threat: Install Mobiluck 5.73 Cracked When SymbOS.Commdropper.G is executed, it performs the following actions: Displays the following message to the user: Today, with MobiLuck you can already: Detect all nearby Bluetooth devices. Your cell phone rings or [REMOVED]. Save time in public transportations and lines, enjoy cities and museums? and many other things Drops the following files: c:\etel.dll c:\system\apps\TTNCONTACTS\RecQWRD.mdl c:\system\apps\TTNCONTACTS\TTNCONTACTS.exe (A copy of SymbOS.Commwarrior.F) Note: The following file is also created by the device installer, not the Trojan itself: \system\install\Ximpda.sis [Link nur für registrierte Mitglieder sichtbar.] __________________ lesen - denken - posten

23.07.2007, 18:55	#7 (Permalink)
Hangman Administrator Name: Christian Handy: Nokia N95, FuSi Pocket Loox 720 Netzbetreiber: Vodafone Avatare sind nur für MFF-Mitglieder sichtbar! Bike Mania Champion! Registriert seit: 17.04.2006 Ort: Erfurt Beiträge: 3.256 Motto: S*x ist wie Sport: Man spielt 'ne halbe Stunde, schwitzt viel und hofft, daß man nichts ins Auge bekommt. Downloads: 318 Uploads: 308 Abgegebene Danke: 41 Erhielt 408 Danke für 228 Beiträge	[SymbianOS] SymbOS.Commdropper.H Risiko: sehr gering Typ: Trojanisches Pferd entdeckt am: 07.07.2006 auch bekannt als: keine Angabe Information: SymbOS.Commdropper.H is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. It installs SymbOS.Commwarrior!dam and SymbOS.Skulls onto the compromised device. When a user opens the Trojan .sis file, the phone installer will display a dialog to warn users that the application may be coming from an untrusted source and may cause potential problems. technische Details: Once SymbOS.Commdropper.H is installed, the Trojan performs the following actions: Displays the following message: Install BangBus X Films Displays the following message: March 22 The Story, by D. WMarrior (BangBus Brother) It's been a long time coming!!! Dongzilla hims [REMOVED] to feel bad for her.... or make the most of the situation for all of you guys out there... EXACTLY! Drops the following files: C:\System\Apps\VideoPlayer\VideoPlayer.app (A copy of SymbOS.Skulls) C:\Videos\Bang\LeslieNudes\LeslieLoves.3gp (A copy of SymbOS.Commwarrior!dam) C:\Videos\Bang\LeslieNudes\RecQWRD.mdl The device installer also copies the Trojan .sis file into\system\install folder. [Link nur für registrierte Mitglieder sichtbar.] __________________ lesen - denken - posten

Aktive Benutzer in diesem Thema: 1 (Registrierte Benutzer: 0, Gäste: 1)

Themen-Optionen
Druckbare Version zeigen Jemanden per E-Mail auf dieses Thema hinweisen
Ansicht
Linear-Darstellung Zur Hybrid-Darstellung wechseln Zur Baum-Darstellung wechseln