[SymbianOS] SymbOS.Mabir - Mobilfunk-FAQ

Hangman · 25.07.2007, 16:02

Risiko: sehr gering
Typ: Wurm
entdeckt am: 04.04.2005
auch bekannt als: Mabir.A [F-Secure], SYMBOS_MABIR.A [Trend Micro]

Information:

SymbOS.Mabir is a worm that propagates through Bluetooth and MMS. The worm runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones.

technische Details:

Once executed, SymbOS.Mabir performs the following actions:
Creates the following files on the device:

\SYSTEM\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\CA RIBE.APP
\SYSTEM\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\CA RIBE.RSC
\SYSTEM\RECOGS\FLO.MDL
\SYSTEM\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\CA RIBE.SIS
\SYSTEM\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\IN FO.SIS

Sends MMS messages to the phone numbers of newly received MMS messages. The worm includes a copy of itself as an attachment.

Scans for other Bluetooth-enabled devices to send itself to. The worm will attempt to send itself to any Bluetooth devices found.

Executes every time the compromised device is powered off and powered back on.

[Link nur für registrierte Mitglieder sichtbar.]

Hangman · 25.07.2007, 16:09

Risiko: sehr gering
Typ: Trojanisches Pferd
entdeckt am: 08.07.2006
auch bekannt als: keine Angabe

Information:

SymbOS.Mabir.B is a worm that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. It attempts to spread through Bluetooth and MMS.

The worm reportedly arrives as the following file.
Gollum.sis

When a user opens this file, the phone installer will display a dialog to warn users that the application may be coming from an untrusted source and may cause potential problems.

technische Details:

Once SymbOS.Mabir.B is installed, it performs the following actions:
Displays the following message prompting the user to install the threat:

Install
Gollum ScreenSaver

Drops the following components:

[DRIVE LETTER]:\system\Systemantivirdata\Antiwormsdataxmanager\G ollum.exe
[DRIVE LETTER]:\system\Systemantivirdata\Antiwormsdataxmanager\i ni.mdl

Executes the Gollum.exe file to attempt to spread through Bluetooth and MMS. It has been reported that the worm may not function correctly.

The following file is also created by the device Installer, not the worm itself:

\system\install\Gollum.sis

[Link nur für registrierte Mitglieder sichtbar.]

25.07.2007, 16:02	#1 (Permalink)
Hangman Administrator Name: Christian Handy: Nokia N95, FuSi Pocket Loox 720 Netzbetreiber: Vodafone Avatare sind nur für MFF-Mitglieder sichtbar! Bike Mania Champion! Registriert seit: 17.04.2006 Ort: Erfurt Beiträge: 2.770 Motto: S*x ist wie Sport: Man spielt 'ne halbe Stunde, schwitzt viel und hofft, daß man nichts ins Auge bekommt. Downloads: 341 Uploads: 325 Abgegebene Danke: 47 Erhielt 484 Danke für 265 Beiträge	[SymbianOS] SymbOS.Mabir Risiko: sehr gering Typ: Wurm entdeckt am: 04.04.2005 auch bekannt als: Mabir.A [F-Secure], SYMBOS_MABIR.A [Trend Micro] Information: SymbOS.Mabir is a worm that propagates through Bluetooth and MMS. The worm runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. technische Details: Once executed, SymbOS.Mabir performs the following actions: Creates the following files on the device: \SYSTEM\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\CA RIBE.APP \SYSTEM\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\CA RIBE.RSC \SYSTEM\RECOGS\FLO.MDL \SYSTEM\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\CA RIBE.SIS \SYSTEM\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\IN FO.SIS Sends MMS messages to the phone numbers of newly received MMS messages. The worm includes a copy of itself as an attachment. Scans for other Bluetooth-enabled devices to send itself to. The worm will attempt to send itself to any Bluetooth devices found. Executes every time the compromised device is powered off and powered back on. [Link nur für registrierte Mitglieder sichtbar.] __________________ lesen - denken - posten

25.07.2007, 16:09	#2 (Permalink)
Hangman Administrator Name: Christian Handy: Nokia N95, FuSi Pocket Loox 720 Netzbetreiber: Vodafone Avatare sind nur für MFF-Mitglieder sichtbar! Bike Mania Champion! Registriert seit: 17.04.2006 Ort: Erfurt Beiträge: 2.770 Motto: S*x ist wie Sport: Man spielt 'ne halbe Stunde, schwitzt viel und hofft, daß man nichts ins Auge bekommt. Downloads: 341 Uploads: 325 Abgegebene Danke: 47 Erhielt 484 Danke für 265 Beiträge	[SymbianOS] SymbOS.Mabir.B Risiko: sehr gering Typ: Trojanisches Pferd entdeckt am: 08.07.2006 auch bekannt als: keine Angabe Information: SymbOS.Mabir.B is a worm that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. It attempts to spread through Bluetooth and MMS. The worm reportedly arrives as the following file. Gollum.sis When a user opens this file, the phone installer will display a dialog to warn users that the application may be coming from an untrusted source and may cause potential problems. technische Details: Once SymbOS.Mabir.B is installed, it performs the following actions: Displays the following message prompting the user to install the threat: Install Gollum ScreenSaver Drops the following components: [DRIVE LETTER]:\system\Systemantivirdata\Antiwormsdataxmanager\G ollum.exe [DRIVE LETTER]:\system\Systemantivirdata\Antiwormsdataxmanager\i ni.mdl Executes the Gollum.exe file to attempt to spread through Bluetooth and MMS. It has been reported that the worm may not function correctly. The following file is also created by the device Installer, not the worm itself: \system\install\Gollum.sis [Link nur für registrierte Mitglieder sichtbar.] __________________ lesen - denken - posten

Themen-Optionen
Druckbare Version zeigen Jemanden per E-Mail auf dieses Thema hinweisen
Ansicht
Linear-Darstellung Zur Hybrid-Darstellung wechseln Zur Baum-Darstellung wechseln

Aktive Benutzer in diesem Thema: 1 (Registrierte Benutzer: 0, Gäste: 1)