Hangman

__________________
lesen - denken - posten

Hangman

Risiko: sehr gering
Typ: Trojanisches Pferd
entdeckt am: 03.10.2005
auch bekannt als: keine Angabe

Information:

SymbOS.Fontal.B is a Trojan horse that drops corrupt files on to the compromised device. The Trojan runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones.

technische Details:

SymbOS.Fontal.B arrives as the following file:

EICAR Anti-virus.SIS

When SymbOS.Fontal.B is executed, it performs the following actions:
Displays a message that warns users that the application may be coming from an untrusted source and may cause potential problems when installed on the mobile device.

Drops the following files on the compromised device:

C:\System\apps\AppMngr\Appmngr.app
C:\System\apps\pjBLUE\pjBLUE.aif
C:\System\apps\pjBLUE\pjBLUE.APP
C:\System\apps\pjBLUE\pjBLUE_CAPTION.rsC
C:\System\Fonts\pjBLUE.gdr

Note: The dropped Font file is corrupted, which prevents the compromised device from restarting properly. This causes the compromised device to continuously restart.

Prompts the user to restart the compromised device to complete the installation.

[Link nur für registrierte Mitglieder sichtbar.]

__________________
lesen - denken - posten

Hangman

Risiko: sehr gering
Typ: Trojanisches Pferd
entdeckt am: 04.10.2005
auch bekannt als: SYMBOS_FONTAL.E [Trend Micro]

Information:

SymbOS.Fontal.C is a Trojan horse that affects Symbian series 60 phones and causes the compromised device to continuously restart.

technische Details:

The Trojan arrives as a .SIS installer file named Nokia Update By 0ID50.SIS.

When SymbOS.Fontal.C is executed, it performs the following actions:
Displays a message that warns users that the application may be coming from an untrusted source and may cause potential problems when installed on the mobile device.

Displays a message prompting the user to Install:

"Nokia update by OID500"

Drops the following files:

C:\System\Apps\AppMngr\Appmngr.app
C:\System\Apps\Data\Data.app
C:\System\Apps\Data\Data_CAPTION.rsc
C:\System\Apps\AppInst\AppInst.ini
C:\system\install\[name of install file].SIS
C:\System\Fonts\0ID500.gdr

Displays the following message to prompt the user to restart the compromised device to complete the installation,

"Your phone is need to be updated. Please restart your phone after complete installation to activate your update."

Drops a corrupted Font file which prevents the compromised device from restarting properly, causing it to continuously attempt to shut down and restart.

[Link nur für registrierte Mitglieder sichtbar.]

__________________
lesen - denken - posten

Hangman

Risiko: sehr gering
Typ: Trojanisches Pferd
entdeckt am: 02.12.2005
auch bekannt als: keine Angabe

Information:

SymbOS.Fontal.D is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. It drops a corrupted Font file, which will cause the compromised device to fail at next reboot. It also attempts to disable Kaspersky Anti-Virus for Symbian by overwriting the files associated with this application.

SymbOS.Fontal.D reportedly arrives as Nokia Anti-Virus.SIS.

technische Details:

When SymbOS.Doomboot.Q is executed, it performs the following actions:
Copies itself as the following file:

Nokia Anti-Virus.SIS

Note: If a user opens this file, the device Installer will display a dialog to warn the user that the application may be coming from an untrusted source and may cause potential problems.

If the user clicks yes, the phone will display a message prompting the user to Install:



Drops the following files:

C:\System\apps\KAS\KAS
C:\System\apps\KAS\s.mid
C:\System\apps\KAS\lnotify.mbm
C:\System\apps\KAS\lnotify.rsc
C:\System\apps\KAS\lnotify.app
C:\System\apps\KAS\limages.mbm
C:\System\apps\KAS\KAS_caption.r01
C:\System\apps\KAS\KaS.aif
C:\System\apps\KAS\Engine.exe
C:\System\apps\KAS\b.dat
C:\System\apps\KAS\KAS.r01
C:\System\Fonts\Kaspersky.gdr, SymbOS.Fontal.A
C:\System\help\KasAntivirusHelp.hlp
C:\System\libs\kasdll.dll
C:\System\recogs\kas_antivirus.mdl

Displays the following message after installation:



Creates the following file:

C:\system\install\Nokia Anti-Virus.sis

Note: This file is actually created by the phone installer, not the threat.

[Link nur für registrierte Mitglieder sichtbar.]

__________________
lesen - denken - posten

Hangman

Risiko: sehr gering
Typ: Trojanisches Pferd
entdeckt am: 29.11.2005
auch bekannt als: keine Angabe

Information:

SymbOS.Fontal.E is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. It installs a corrupt font file on the compromised device.

SymbOS.Fontal.E reportedly arrives as T-VIRUS.sis.

technische Details:

When SymbOS.Fontal.E is executed, it performs the following actions:
Copies itself as the following file:

T-VIRUS.sis

Note: If a user opens this file, the device Installer will display a dialog to warn the user that the application may be coming from an untrusted source and may cause potential problems.

If the user clicks yes, the device displays the following message prompting the user to Install:

T-VIRUS



Displays the following message after installation:

You infected by T-Virus Someone Has Infected you With The T-VIRUS transmitted by SMS or MMS you want Disinfect your phone please press OK and Restart your phone after installation complete to Disinfect



Installs the following file, which is a corrupt font file, on the compromised device:

C:\system\Fonts\T-VIRUS.gdr

As a result of the installation of this file, the device will not start correctly if it is restarted. This file is detected as SymbOS.Fontal.A.

[Link nur für registrierte Mitglieder sichtbar.]

__________________
lesen - denken - posten