SymbOS/Comwar.fam!worm - Released Jan 11, 2007 - Last Updated Feb 09, 2007
Alias/es: Worm.SymbOS.Comwar.c, SymbOS/Commwarrior.f!sis virus, SYMBOS_CMWAR.GEN
Visible Symptoms: The infected phone may experience rapid battery power loss because the virus constantly searches for and connects to other phones over Bluetooth in order to infect them.
Detailed Analysis: It is a Symbian virus, packed in SIS format.
May pretend to be a package of a known program to deceive users into installing it.
Extracts some files to the folder !\system\apps\, such as:
- !\system\apps\filexplorer\filexplorer.exe
- !\system\apps\filexplorer\systems.mdl
These files are also detected as SymbOS/Comwar.fam!worm.
Copies the extracted MDL file to the following location:
- !\system\recogs\systems.mdll
This serves as an autostart entry for the extracted EXE file.
Rebuilds a SIS file from the above files and then attempts to send a copy of the SIS file to all Bluetooth-enabled devices that it finds.
Sends an MMS message containing the SIS file as an attachment to all the phone numbers listed in the device's phonebook.
Recommended Action: Terminate the virus process.
Delete all the virus files using a file manager program or mobile AV software.