This application requires Javascript for optimal performance.

SymbOS/Cabir.B!worm - Released Jun 14, 2004 - Last Updated Sep 22, 2005

Alias/es

Epoc/Cabir [F-Prot], Symb/Cabir-B, SymbOS.Cabir.B [NAV], SymbOS/Cabir.B, SymbOS/Cabir.B-wm, SymbOS/Cdropper.C, SymbOS/Locknut.B-net, Worm.SymbOS.Cabir.c

Detection Availability

Active DatabaseExtended Database
FortiGate
low
high
FortiClient
FortiMail N/A

Visible Symptoms

  • The following message is displayed:
    Caribe-VZ/29a

Detailed Analysis

  • It is a Symbian virus, packed in .SIS format.

  • The following message is displayed on the screen during installation:
    This is advanced camera timer for your phone!
  • Extracts the following files:

    • C:\system\RECOGS\flo.mdl
    • C:\system\CARIBESECURITYMANAGER\caribe.app
    • C:\system\CARIBESECURITYMANAGER\caribe.rsc
    • C:\system\CARIBESECURITYMANAGER\CAMTIMER.sis
    • C:\system\apps\caribe\flo.mdl
    • C:\system\apps\caribe\caribe.app
    • C:\system\apps\caribe\caribe.rsc
    • C:\system\apps\CamTimer\camtimer.app
    • C:\system\apps\CamTimer\camtimer.rsc

  • Attempts to send itself to other Bluetooth-enabled devices that it finds.

Recommended Action

  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option

  • Do not accept unsolicited applications which may be received by Infrared or other means

Reference: ID - 95430