| Alias/es | BtTerror.A (NetQin) |
| Release Date | Jul 13, 2010 |
| Detection Availability | Current Antivirus Definition Database Version: 12.308 |
| Description |
Visible Symptoms
Rapid battery loss due to Bluetooth device scanning and file sending.
Detailed Analysis
HackerTool/BtTerror!SymbOS is a hacking tool.
Installed on an attacker's phone (running Symbian), it repeatedly sends a file to other Bluetooth devices it detects nearby (victim devices).
The file is sent forcefully to the victim: the victim cannot deny or cancel the file transfer (apart from making his device invisible to other Bluetooth devices, or disabling Bluetooth altogether).
Technical Details
HackerTool/BtTerror!SymbOS is written in Python. It is packaged in a SIS file for installation on Symbian phones. To run correctly, however, it requires the Python environment to be installed on the mobile phone.
Once installed, the tool lets the attacker select the file he wishes to send. Then, the tool scans for visible Bluetooth devices, asks the attacker to select a target and repeatedly sends that file via OBEX.
Figure 1. Welcome text of HackerTool/BtTerror!SymbOS
The files installed on the attacker's device are listed below:
- !:\system\libs\lite_fm.pyc: legitimate light file manager Python library
- !:\system\libs\bt_teror.pyc: malicious Bluetooth library. Some samples contain the uncompiled version (.py), others the compiled code (.pyc)
- !:\system\apps\bt_terror\default.py: main malicious entry point that calls the bluetooth library
- !:\system\apps\bt_terror\bt_terror.rsc
- !:\system\apps\bt_terror\bt_terror.app
- !:\system\apps\bt_terror\bt_terror.aif
- popup0.txt: installation message
|
Description Last Updated Date: Jul 26, 2010
Reference: ID - 1926414
|
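As an added example (not part of the original description and not vendor code), the installed-file list above can be applied as a name-based triage check over a file listing taken from a phone. The function names and the sample listing are constructed for illustration; the check assumes case-insensitive paths and treats `!:` as any drive letter.

```python
import re

# Paths from the installed-files list above. In a SIS package "!:" stands for
# the drive picked at install time, so entries are matched on any drive letter.
LISTED = [
    r"!:\system\libs\lite_fm.pyc",
    r"!:\system\libs\bt_teror.pyc",
    r"!:\system\apps\bt_terror\default.py",
    r"!:\system\apps\bt_terror\bt_terror.rsc",
    r"!:\system\apps\bt_terror\bt_terror.app",
    r"!:\system\apps\bt_terror\bt_terror.aif",
]
# The page describes lite_fm as a legitimate library: never an indicator alone.
BENIGN = {r"!:\system\libs\lite_fm.pyc"}

SAMPLE_LISTING = [  # constructed listing, not taken from a real device
    r"E:\System\Libs\lite_fm.pyc",
    r"E:\System\Libs\bt_teror.py",
    r"E:\System\Apps\bt_terror\default.py",
    r"E:\System\Apps\bt_terror\bt_terror.rsc",
    r"E:\System\Apps\bt_terror\bt_terror.app",
    r"E:\System\Apps\bt_terror\bt_terror.aif",
    r"C:\System\Apps\Camera\Camera.app",
]

def normalise(path):
    """Lower-case, unify separators, and replace the drive letter with '!'."""
    p = path.strip().replace("/", "\\").lower()
    p = re.sub(r"\\+", r"\\", p)        # collapse doubled backslashes
    p = re.sub(r"^[a-z!]:", "!:", p)    # any drive -> SIS wildcard drive
    # The Bluetooth library ships as .py in some samples and .pyc in others.
    if p == r"!:\system\libs\bt_teror.py":
        p += "c"
    return p

def triage(listing):
    """Return (verdict, matched paths). File-name heuristic only, no hashing."""
    known = {normalise(x) for x in LISTED}
    seen = {normalise(line) for line in listing if line.strip()}
    hits = sorted((seen & known) - BENIGN)
    if not hits:
        return "clean", hits
    # "installed" means every listed file other than the benign one is present.
    full = len(hits) == len(known - BENIGN)
    return ("installed" if full else "partial"), hits

if __name__ == "__main__":
    print(triage(SAMPLE_LISTING))
```

A match on names alone is a lead for further inspection, since the check does not examine file contents.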