
SymbOS/Comwar.E!worm - Released May 12, 2006 - Last Updated Mar 13, 2007

Alias/es

SymbOS/Comwar.E!worm, SYMBOS_CMWAR.GEN [Trend], SYMBOS_COMWAR.E, Worm.SymbOS.Comwar.c [F-Secure], Worm.SymbOS.Comwar.c [KAV]

Visible Symptoms

  • Prior to becoming infected, the user may receive an installer file named "Codec.sis" from an infected user

  • Creation of the following files on an infected device:

    \system\wmedias\UltraPlayer.exe
    \system\recogs\Codec.sis
    \system\apps\UltraPlayer\ultraplayer.exe
    \system\apps\UltraPlayer\inition.mdl

Detailed Analysis

This is another worm coded for Series 60 mobile devices running Symbian OS.

This virus arrives from an infected user as an installable file named "Codec.sis". If the unsuspecting user opens the installer package, it will install the virus and infect the device. The virus loads via a loader file named "inition.mdl". When the virus loads into memory, it will attempt to send itself to other contacts as an attachment to messages. The message transport is Bluetooth and OBEX.
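The file names above can be checked against a file listing exported from a handset or memory card. The following is an added example, not part of the original description: the listing format, the drive letters, the function names and the sample entries are assumptions, and only the four dropped paths and the installer name come from this page.

```python
import re

# Dropped paths from the "Visible Symptoms" list on this page, lower-cased.
# Role notes use only what the page states.
ARTEFACTS = {
    "\\system\\wmedias\\ultraplayer.exe": "dropped executable",
    "\\system\\recogs\\codec.sis": "installer-named file",
    "\\system\\apps\\ultraplayer\\ultraplayer.exe": "dropped executable",
    "\\system\\apps\\ultraplayer\\inition.mdl": "loader file",
}
INSTALLER_NAME = "codec.sis"


def normalize(path):
    """Reduce a listing entry to a drive-less, lower-case, backslash path."""
    p = path.strip().replace("/", "\\")
    p = re.sub(r"^[A-Za-z]:", "", p)        # assumption: entries may carry a drive letter
    p = re.sub(r"\\+", lambda m: "\\", p)   # collapse doubled separators
    if not p.startswith("\\"):
        p = "\\" + p
    return p.lower()                        # the page itself lists names in mixed case


def triage(listing):
    """Return (installed, received): listed artefacts found, stray installer copies."""
    installed, received = {}, []
    for entry in listing:
        key = normalize(entry)
        if key in ARTEFACTS:
            installed[key] = ARTEFACTS[key]
        elif key.rsplit("\\", 1)[-1] == INSTALLER_NAME:
            received.append(entry)          # delivered, but not at a listed install path
    return installed, received


def verdict(installed, received):
    if installed:
        return "infected: %d of %d listed artefacts present" % (len(installed), len(ARTEFACTS))
    if received:
        return "installer received, no installed artefacts found"
    return "no listed artefacts"


# Constructed sample listing (not taken from a real device).
SAMPLE = [
    "C:\\System\\Apps\\UltraPlayer\\UltraPlayer.exe",
    "c:/system/apps/ultraplayer/INITION.MDL",
    "C:\\System\\Mail\\00001001_S\\Codec.sis",
    "E:\\Images\\photo01.jpg",
]

if __name__ == "__main__":
    print(verdict(*triage(SAMPLE)))
```

A file named "Codec.sis" outside the listed paths is reported separately because the name alone does not show that the package was opened.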

The messages sent to others are in Spanish. These are some of the messages a targeted user could receive:


Feliz Cumple!!!
Felicidades!!!! Tienes una postal aki!

Orgullo Gay
Descarga nuevos sonitonos aqui!

Mi Exnovia!
Mp3 Player para Nokia series 60. Instalalo yaa!

Mi foto erotic@
Coleccion de mis fotoalbum fallas 2006!!!

Nuevas Tiendas!
Hay que pagar para respirar y mear
Movistar!

Miscellaneous
This virus contains a short string left by the virus author that is not displayed -

WARRIOR
BY
DLUXE

 

 

Recommended Action



    FortiGate systems:

  • Check the main screen using the web interface to ensure the latest AV/NIDS database has been downloaded and installed; if required, enable the "Allow Push Update" option


    FortiClient systems:

  • Quarantine/Delete infected files detected


Reference: ID - 157857