| Alias/es | SymbOS/Beselo virus, Symb/Beselo-B |
| Release Date | Feb 18, 2008 |
| Detection Availability | Current Antivirus Definition Database Version: 12.196 | | Description | Visible SymptomsThe following files exist:
- c:\system\Apps\[random_name].exe : 83662 bytes
- c:\system\Apps\[random_name].sis : 61279 bytes
- c:\system\recogs\[random_name].mdl : 3296 bytes
- c:\system\Data\[random_name].exe : 83662 bytes
- c:\system\Data\[random name].dat : 8 bytes
- c:\system\Data\[random_name].ini : 0 bytes
Any of the following files exist:
- c:\system\Install\sex.mp3 : 61279 bytes
- c:\system\Install\love.rm : 61279 bytes
- c:\system\Install\beauty.jpg : 61279 bytes
Detailed Analysis
It propagates via MMS and Bluetooth.
Once the user opens the MMS message that contains this worm, the phone demands the user's permission to install a file. The file has a random name.
Once the application is installed, the following files can be found in the file system:
- c:\system\Apps\[random_name].exe : 83662 bytes
- c:\system\Apps\[random_name].sis : 61279 bytes
- c:\system\recogs\[random_name].mdl : 3296 bytes
- c:\system\Data\[random_name].exe : 83662 bytes
- c:\system\Data\[random_name].dat : 8 bytes
- c:\system\Data[random_name].ini : 0 bytes
as well as any of the following files:
- c:\system\Install\sex.mp3 : 61279 bytes
- c:\system\Install\love.rm : 61279 bytes
- c:\system\Install\beauty.jpg : 61279 bytes
It sends itself as an MMS to phone numbers of the same operator as well as to the phone numbers of the contacts on the infected phone.
It searches for Bluetooth-enabled devices and attempts to send a copy of the SIS file to all devices that it finds. The file name is one of the following:
- beauty.jpg
- love.rm
- sex.mp3
|
Description Last Updated Date: Mar 17, 2008
Reference: ID - 432613
|