Risiko: sehr gering
Typ: Trojanisches Pferd
entdeckt am: 02.02.2005
auch bekannt als: Locknut.A [F-Secure], SYMBOS_LOCKNUT.A [Trend Micro], SYMBOS_LOCKNUT.B [Trend Micro]

Information:

SymbOS.Locknut is a Trojan horse program that uses a vulnerability to cause devices running Symbian OS v7.0s to crash. A minor variant of this Trojan also installs a version of SymbOS.Cabir or SymbOS.Cabir.B on the compromised device.

technische Details:

When SymbOS.Locknut is executed, it performs the following actions:
Creates some of the following files:

[DRIVE LETTER]:\system\apps\gavno\gavno_caption.rsc
[DRIVE LETTER]:\system\apps\gavno\gavno.rsc
[DRIVE LETTER]:\system\apps\gavno\gavno.app
[DRIVE LETTER]:\patch.sis
[DRIVE LETTER]:\system\installs\patch.sis
[DRIVE LETTER]:\system\installs\patch_v1.sis
[DRIVE LETTER]:\system\installs\patch_v2.sis

Note: When this occurs on Symbian OS v7.0s, some critical system ROM binary files will be overwritten and the device may crash.

Displays the following message:

App. closed
AppArcServerTh
read



May install SymbOS.Cabir or SymbOS.Cabir.B by dropping some of the following files:

[DRIVE LETTER]:\system\RECOGS\flo.mdl
[DRIVE LETTER]:\system\CARIBESECURITYMANAGER\caribe.sis
[DRIVE LETTER]:\system\CARIBESECURITYMANAGER\caribe.rsc
[DRIVE LETTER]:\system\CARIBESECURITYMANAGER\caribe.app
[DRIVE LETTER]:\system\Apps\caribe\flo.mdl
[DRIVE LETTER]:\system\Apps\caribe\caribe.rsc
[DRIVE LETTER]:\system\Apps\caribe\caribe.app
[DRIVE LETTER]:\system\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\c aribe.sis
[DRIVE LETTER]:\system\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\c aribe.rsc
[DRIVE LETTER]:\system\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\c aribe.app
[DRIVE LETTER]:\system\installs\caribe.sis

Note: Some variants of caribe.sis also contain SymbOS.Locknut. Therefore SymbOS.Locknut may be sent out with variants of Caribe via Bluetooth.

[Link nur für registrierte Mitglieder sichtbar.]