[Full-Disclosure] new Symbian bluetooth worm
- To: Brandy Simon <brandysimon@xxxxxxxxx>
- Subject: [Full-Disclosure] new Symbian bluetooth worm
- From: "Geza Papp dr (Axelero)" <papp_geza1@xxxxxxxxxx>
- Date: Tue, 30 Nov 2004 21:06:32 +0100
Hi
Symb/Cabir-B is a worm written specifically for Nokia Series 60 mobile phones
running the Symbian operating system.
The worm spreads as a Symbian SIS package named camtimer.sis. The package
contains the following components extracted to ./System/Apps,
./System/CARIBESECURITYMANAGER and ./System/Recogs:
./system/apps/CamTimer/camtimer.rsc
./system/apps/CamTimer/camtimer.app
./system/apps/caribe/flo.mdl
./system/apps/caribe/caribe.rsc
./system/apps/caribe/caribe.app
./system/CARIBESECURITYMANAGER/caribe.rsc
./system/CARIBESECURITYMANAGER/caribe.app
./system/CARIBESECURITYMANAGER/CAMTIMER.sis
./system/RECOGS/flo.mdl
Flo.mdl is a DLL that uses the EZBoot mechanism to attempt to launch the
Symb/Cabir-B application file caribe.app when the device is powered on.
Camtimer.rsc and camtimer.app are parts of a non-malicious camera timer
application installed with the worm.
Once running, Symb/Cabir-B attempts to send itself to Bluetooth-enabled devices
found in the proximity of the infected mobile phone.
The Symb/Cabir-B camtimer.sis file may be installed by Troj/Skulls-B.
SOPHOS Anti Virus
--
Regards,
Geza mailto:papp_geza1@xxxxxxxxxx
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
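
An added example, not part of the original post or of the Sophos description: a small checker that matches a file listing pulled from a handset against the component paths listed above. It assumes listings may carry drive letters and backslashes, matches case-insensitively because the advisory itself mixes case, and uses role labels that are this example's own naming.

```python
import re

# Paths from the advisory, lower-cased and relative to the drive root.
# Role labels are this example's own naming, not Sophos terminology.
INDICATORS = {
    "system/apps/camtimer/camtimer.rsc": "bundled-app",
    "system/apps/camtimer/camtimer.app": "bundled-app",
    "system/apps/caribe/flo.mdl": "boot-launcher",
    "system/apps/caribe/caribe.rsc": "worm-component",
    "system/apps/caribe/caribe.app": "worm-component",
    "system/caribesecuritymanager/caribe.rsc": "worm-component",
    "system/caribesecuritymanager/caribe.app": "worm-component",
    "system/caribesecuritymanager/camtimer.sis": "worm-component",
    "system/recogs/flo.mdl": "boot-launcher",
}

def normalise(path):
    """Reduce 'C:\\System\\Apps\\x' or './system/apps/x' to 'system/apps/x'."""
    p = path.strip().replace("\\", "/")
    p = re.sub(r"^[A-Za-z]:", "", p)   # drop a drive letter if present
    p = re.sub(r"^\.?/+", "", p)       # drop a leading ./ or /
    return re.sub(r"/+", "/", p).lower()

def scan(listing):
    """Return (verdict, hits) for an iterable of device file paths."""
    hits = {}
    for raw in listing:
        role = INDICATORS.get(normalise(raw))
        if role:
            hits.setdefault(role, []).append(raw)
    if "worm-component" in hits or "boot-launcher" in hits:
        verdict = "cabir-b-indicators"
    elif "bundled-app" in hits:
        verdict = "camtimer-only"  # the camera timer alone is non-malicious
    else:
        verdict = "clean"
    return verdict, hits

# Constructed sample listing (not taken from a real device).
SAMPLE = [
    r"C:\System\Apps\Caribe\CARIBE.APP",
    r"C:\System\Recogs\flo.mdl",
    r"C:\System\Apps\CamTimer\CamTimer.app",
    r"E:\Images\photo01.jpg",
]

if __name__ == "__main__":
    verdict, hits = scan(SAMPLE)
    print(verdict, hits)
```

A "camtimer-only" verdict means only the bundled camera timer files were found; it is reported separately so it can be followed up without being counted as a worm hit.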