Mobilfunk-FAQ  
 

26.07.2007, 18:10   #1 (Permalink)
Administrator
Name: Christian
Phone: Nokia N95, FuSi Pocket Loox 720
Network operator: Vodafone
Registered since: 17.04.2006
Location: Erfurt
Posts: 2,770
Motto: S*x is like sport: you play for half an hour, sweat a lot and hope nothing gets in your eye.
Downloads: 341
Uploads: 325
Thanks given: 47
Received 484 thanks for 265 posts
[SymbianOS] SymbOS.Stealwar.A

Risk: very low
Type: Trojan horse
Discovered on: 20.05.2006
Also known as: not specified

Information:

SymbOS.Stealwar.A is a Trojan horse that affects Symbian series 60 phones. The Trojan drops several threats onto the compromised device.

Technical details:

The Trojan reportedly arrives as the following file:

StealWarrior.sis

When a user opens this file, the phone installer will display a dialog to warn users that the application may be coming from an untrusted source and may cause potential problems. If the user clicks yes, the device will display the following message prompting the user to install the threat:

Install
StealWarrior

When SymbOS.Stealwar is executed, it performs the following actions:
Drops the following files:

[DRIVE LETTER]\system\apps\caribe\caribe.app (A copy of SymbOS.Cabir.)
[DRIVE LETTER]\system\apps\caribe\caribe.rsc
[DRIVE LETTER]\system\apps\caribe\flo.mdl (A copy of SymbOS.Mabir.)
[DRIVE LETTER]\system\apps\CommWarrior\commrec.mdl (A copy of SymbOS.Commwarrior.A.)
[DRIVE LETTER]\system\apps\CommWarrior\commwarrior.exe (A copy of SymbOS.Commwarrior.A.)
[DRIVE LETTER]\system\apps\pbexplorer\pbexplorer.app (A copy of SymbOS.Pbstealer.A.)
[DRIVE LETTER]\system\apps\pbexplorer\pbexplorer.rsc
[DRIVE LETTER]\system\apps\velasco\marcos.mdl (A copy of SymbOS.Cabir.K.)
[DRIVE LETTER]\system\apps\velasco\velasco.app (A copy of SymbOS.Cabir.K.)
[DRIVE LETTER]\system\apps\velasco\velasco.rsc

Note:
The [DRIVE LETTER] variable refers to the drive letter that is used to represent the device itself or the memory card. The actual value will depend on the choice the user makes during the installation process.
The following file is also created by the device Installer, not the Trojan itself:

\system\install\StealWarrior.sis

Displays the following message during installation:

StealWarrior v1.0 © 2006 by helzim
EUROMAXBLUE COLD!

__________________
read - think - post

Hangman is offline
26.07.2007, 18:11   #2 (Permalink)
[SymbianOS] SymbOS.Stealwar.B

Risk: very low
Type: Trojan horse
Discovered on: 20.05.2006
Also known as: not specified

Information:

SymbOS.Stealwar.B is a Trojan horse that affects Symbian series 60 phones. The Trojan drops several threats onto the compromised device.

Technical details:

The Trojan reportedly arrives as the following file:

ScreenStealer.sis

When a user opens this file, the phone installer will display a dialog to warn users that the application may be coming from an untrusted source and may cause potential problems. If the user clicks yes, the device will display the following message prompting the user to install the threat:

Install
ScreenStealer by P2Spy

When SymbOS.Stealwar.B is executed, it performs the following actions:
Drops the following files:

C:\System\Recogs\RecStoper.mdl
C:\System\apps\Skins\WarriorMarrior\Startup.app
C:\System\apps\Skins\WarriorMarrior\Startup.r02
C:\system\apps\CommWarrior\commrec.mdl (A copy of SymbOS.Commwarrior.A.)
C:\system\apps\CommWarrior\commwarrior.exe (A copy of SymbOS.Commwarrior.A.)
C:\system\apps\pbexplorer\pbexplorer.app (A copy of SymbOS.Pbstealer.A.)
C:\system\apps\pbexplorer\pbexplorer.rsc
C:\system\programs\SplashScreen.exe

Note:
The [DRIVE LETTER] variable refers to the drive letter that is used to represent the device itself or the memory card. The actual value will depend on the choice the user makes during the installation process.
The following file is also created by the device Installer, not the Trojan itself:

\system\install\ScreenStealer.sis

26.07.2007, 18:16   #3 (Permalink)
[SymbianOS] SymbOS.Stealwar.C

Risk: very low
Type: Trojan horse
Discovered on: 20.05.2006
Also known as: not specified

Information:

SymbOS.Stealwar.C is a Trojan horse that affects Symbian series 60 phones. The Trojan drops several threats onto the compromised device.

Technical details:

The Trojan reportedly arrives as the following file:

StealWarrior v2.0 Pro.sis

When a user opens this file, the phone installer will display a dialog to warn users that the application may be coming from an untrusted source and may cause potential problems. If the user clicks yes, the device will display the following message prompting the user to install the threat:

Install
StealWarrior

It also displays the following message during Installation:

StealWarrior v2.0 Professional

When SymbOS.Stealwar.C is executed, it performs the following actions:
Drops the following files:

C:\system\apps\BiNPDA\BiNPDA.exe
C:\system\apps\pbexplorer\pbexplorer.app (A copy of SymbOS.Pbstealer.A.)
C:\system\apps\pbexplorer\pbexplorer.rsc
[DRIVELETTER]\system\apps\caribe\caribe.app (A copy of SymbOS.Mabir.)
[DRIVELETTER]\system\apps\caribe\caribe.rsc
[DRIVELETTER]\system\apps\caribe\flo.mdl (A copy of SymbOS.Mabir.)
[DRIVELETTER]\system\apps\CommWarrior\commrec.mdl (A copy of SymbOS.Commwarrior.A.)
[DRIVELETTER]\system\apps\CommWarrior\commwarrior.exe (A copy of SymbOS.Commwarrior.A.)
[DRIVELETTER]\system\apps\velasco\marcos.mdl (A copy of SymbOS.Cabir.K.)
[DRIVELETTER]\system\apps\velasco\velasco.app (A copy of SymbOS.Cabir.K.)
[DRIVELETTER]\system\apps\velasco\velasco.rsc

Note:
The [DRIVE LETTER] variable refers to the drive letter that is used to represent the device itself or the memory card. The actual value will depend on the choice the user makes during the installation process.

The following file is also created by the device Installer, not the Trojan itself:

\system\install\StealWarrior v2.0 Pro.sis.sis

26.07.2007, 18:20   #4 (Permalink)
[SymbianOS] SymbOS.Stealwar.D

Risk: very low
Type: Trojan horse
Discovered on: 20.05.2006
Also known as:

Information:

SymbOS.Stealwar.D is a Trojan horse that affects Symbian series 60 phones. The Trojan drops several threats onto the compromised device.

Technical details:

The Trojan reportedly arrives as the following file:

StealWarrior v3.0 Final.sis

When a user opens this file, the phone installer will display a dialog to warn users that the application may be coming from an untrusted source and may cause potential problems. If the user clicks yes, the device will display the following message prompting the user to install the threat:

Install
StealWarrior Final

It also displays the following message during Installation:

This latest version for
StealWarrior v3.0
Copyright © 2006 by Helzim
best regards, from Europa

EUROMAXBLUE COLD!

When SymbOS.Stealwar.D is executed, it performs the following actions:
Drops the following files:

[DRIVELETTER]\system\apps\OIDI500\OIDI500.aif
[DRIVELETTER]\system\apps\OIDI500\OIDI500.app (A copy of SymbOS.Cabir.B.)
[DRIVELETTER]\system\apps\OIDI500\OIDI500.mdl (A copy of SymbOS.Cabir.)
[DRIVELETTER]\system\apps\OIDI500\OIDI500.rsc
[DRIVELETTER]\system\apps\pbexplorer\pbexplorer.app (A copy of SymbOS.Pbstealer.A.)
[DRIVELETTER]\system\apps\pbexplorer\pbexplorer.rsc
[DRIVELETTER]\system\apps\velasco\marcos.mdl (A copy of SymbOS.Cabir.K.)
[DRIVELETTER]\system\apps\velasco\velasco.app (A copy of SymbOS.Cabir.K.)
[DRIVELETTER]\system\apps\velasco\velasco.rsc
[DRIVELETTER]\system\programs\cwoutcast.exe (A copy of SymbOS.Commwarrior.C.)

Note:
The [DRIVE LETTER] variable refers to the drive letter that is used to represent the device itself or the memory card. The actual value will depend on the choice the user makes during the installation process.

The following file is also created by the device Installer, not the Trojan itself:

\system\install\StealWarrior v3.0 Final.sis

26.07.2007, 18:22   #5 (Permalink)
[SymbianOS] SymbOS.Stealwar.E

Risk: very low
Type: Trojan horse
Discovered on: 20.05.2006
Also known as: not specified

Information:

SymbOS.Stealwar.E is a Trojan horse that affects Symbian series 60 phones. The Trojan drops several threats onto the compromised device.

Technical details:

The Trojan reportedly arrives as the following file:

StealWarrior.sis

When a user opens this file, the phone installer will display a dialog to warn users that the application may be coming from an untrusted source and may cause potential problems. If the user clicks yes, the device will display the following message prompting the user to install the threat:

Install
StealWarrior

When SymbOS.Stealwar.E is executed, it performs the following actions:
Drops the following files:

[DRIVELETTER]\system\apps\caribe\caribe.app (A copy of SymbOS.Cabir.)
[DRIVELETTER]\system\apps\caribe\caribe.rsc
[DRIVELETTER]\system\apps\caribe\flo.mdl (A copy of SymbOS.Mabir.)
[DRIVELETTER]\system\apps\CommWarrior\commrec.mdl (A copy of SymbOS.Commwarrior.A.)
[DRIVELETTER]\system\apps\CommWarrior\commwarrior.exe (A copy of SymbOS.Commwarrior.A.)
[DRIVELETTER]\system\apps\pbexplorer\pbexplorer.app (A copy of SymbOS.Pbstealer.A.)
[DRIVELETTER]\system\apps\pbexplorer\pbexplorer.rsc

Note:
The [DRIVE LETTER] variable refers to the drive letter that is used to represent the device itself or the memory card. The actual value will depend on the choice the user makes during the installation process.
The following file is also created by the device Installer, not the Trojan itself:

\system\install\StealWarrior.sis

26.07.2007, 18:24   #6 (Permalink)
[SymbianOS] SymbOS.Stealwar.F

Risk: very low
Type: Trojan horse
Discovered on: 07.11.2006
Also known as: Stealwar.F [F-Secure]

Information:

SymbOS.Stealwar.F is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. It drops SymbOS.Cabir, SymbOS.Lasco.A, SymbOS.Pbstealer.A, Trojan.Mos and some other threats onto the compromised device.

Technical details:

The Trojan reportedly arrives as the following file:

Multimedia.sis

When a user opens this file, the phone installer displays a dialog to warn the user that the application may be coming from an untrusted source and may cause potential problems.

If the user clicks yes, the device displays the following message prompting the user to install the threat:

Install
Multimedia

When SymbOS.Stealwar.F is executed, it performs the following actions:

Drops the following files:

[DRIVE LETTER]:\system\apps\caribe\caribe.app, which is a copy of SymbOS.Cabir
[DRIVE LETTER]:\system\apps\caribe\caribe.rsc
[DRIVE LETTER]:\system\apps\caribe\flo.mdl, which is a copy of SymbOS.Mabir
[DRIVE LETTER]:\system\apps\CommWarrior\commrec.mdl, which is a copy of SymbOS.Commwarrior.A
[DRIVE LETTER]:\system\apps\CommWarrior\commwarrior.exe, which is a copy of SymbOS.Commwarrior.A
[DRIVE LETTER]:\system\apps\Mosquitos\Mosquitos.aif
[DRIVE LETTER]:\system\apps\Mosquitos\Mosquitos.app, which is a copy of Trojan.Mos
[DRIVE LETTER]:\system\apps\Mosquitos\Mosquitos.rsc
[DRIVE LETTER]:\system\apps\Mosquitos\Mosquitos_caption.rsc
[DRIVE LETTER]:\system\apps\pbexplorer\pbexplorer.app, which is a copy of SymbOS.Pbstealer.A
[DRIVE LETTER]:\system\apps\pbexplorer\pbexplorer.rsc
[DRIVE LETTER]:\system\apps\velasco\marcos.mdl, which is a copy of SymbOS.Lasco.A
[DRIVE LETTER]:\system\apps\velasco\velasco.app, which is a copy of SymbOS.Lasco.A
[DRIVE LETTER]:\system\apps\velasco\velasco.rsc

Creates the following file:

\system\install\Multimedia.sis

Note: This file is actually created by the Installer, not the threat.

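Added example (not part of the posts above and not code from any vendor): a triage script that compares a file listing from a Series 60 phone or memory card with the drop sets the six posts describe. The function names and the sample listing are assumptions made for this illustration; going slightly beyond the posts, each payload directory is used as a marker for all files listed inside it, and drive letter and letter case are ignored.

```python
import re

# Markers transcribed from the six posts above: paths below \system\, lower-cased,
# drive prefix dropped. Directories stand for every file the posts list inside them.
CORE = {r"apps\caribe", r"apps\commwarrior", r"apps\pbexplorer"}
FOUR = CORE | {r"apps\velasco"}
# variant -> (package name the installer leaves in \system\install\, dropped markers)
VARIANTS = {
    "A": ("stealwarrior.sis", FOUR),
    "B": ("screenstealer.sis", {r"apps\skins\warriormarrior", r"apps\commwarrior",
                                r"apps\pbexplorer", r"recogs\recstoper.mdl",
                                r"programs\splashscreen.exe"}),
    "C": ("stealwarrior v2.0 pro.sis", FOUR | {r"apps\binpda"}),
    "D": ("stealwarrior v3.0 final.sis", {r"apps\oidi500", r"apps\pbexplorer",
                                          r"apps\velasco", r"programs\cwoutcast.exe"}),
    "E": ("stealwarrior.sis", CORE),
    "F": ("multimedia.sis", FOUR | {r"apps\mosquitos"}),
}
ROOT = "\\system\\"

def normalise(path):
    """Lower-case, drop the drive letter, return the part below the system root (or None)."""
    p = re.sub(r"^[a-z]:", "", path.strip().replace("/", "\\").lower())
    return p[len(ROOT):] if p.startswith(ROOT) else None

def triage(listing):
    """Per variant: (markers found, markers expected, installer package seen)."""
    paths = {n for n in map(normalise, listing) if n}
    report = {}
    for name, (pkg, markers) in VARIANTS.items():
        hits = [m for m in markers if any(p == m or p.startswith(m + "\\") for p in paths)]
        # Prefix match: the post for variant C shows the installer copy with a doubled suffix.
        seen = any(p.startswith("install\\" + pkg) for p in paths)
        report[name] = (len(hits), len(markers), seen)
    return report

def best_matches(listing):
    """Variants whose whole drop set is present: largest set first, installer hit breaks ties."""
    rep = triage(listing)
    full = [v for v, (hit, want, _) in rep.items() if hit == want]
    return sorted(full, key=lambda v: (-rep[v][1], not rep[v][2], v))

# Constructed listing of a memory card mounted as E: (not taken from a real device).
SAMPLE = [r"E:\System\Apps\caribe\caribe.app", r"E:\system\apps\caribe\flo.mdl",
          r"E:\system\apps\CommWarrior\commwarrior.exe", r"E:\system\apps\Mosquitos\Mosquitos.app",
          r"E:\system\apps\pbexplorer\pbexplorer.app", r"E:\system\apps\velasco\velasco.app",
          r"E:\system\install\Multimedia.sis", r"E:\Nokia\Images\photo1.jpg"]

if __name__ == "__main__":
    print(best_matches(SAMPLE), triage(SAMPLE))
```

Variants A, C, E and F share most payload directories, so a listing that fully matches F also fully matches A and E. The package name left in \system\install\ is the discriminator, and A and E share even that.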