SymbOS/Commwarrior.A!tr

Alias/es: Worm.SymbOS.Comwar.b, SymbOS_ComWAR.A, SymbOS.Commwarrior.F
Release Date: Aug 03, 2006
Detection Availability (Active Database / Extended Database)
FortiGate: low / high
FortiClient:
FortiMail: N/A
Current Antivirus Definition Database Version: 12.196
Description

Visible Symptoms

Detailed Analysis

SymbOS/Commwarrior.A!tr - 06-08-03


More Info:

1. It is a Symbian virus, packed in .sis format.

2. Extracts the following files:

	!:\System\apps\TTNCONTACTS\TTNCONTACTS.exe 
	!:\System\apps\TTNCONTACTS\RecQWRD.mdl

3. Runs TTNCONTACTS.exe, which creates the following files on the compromised device:

	e:\System\recogs\RecQWRD.mdl
	e:\Sounds\Digital\RecQWRD.mdl
	e:\Sounds\Digital\WaveEditors.exe

4. Rebuilds a .sis file from the above files and copies it to the following location:

	e:\Sounds\Digital\Disco.mp3

5. Searches for Bluetooth-enabled devices and attempts to send a randomly named copy of the .sis file
   to all devices that it finds.

6. Randomly selects a contact phone number from the device's phonebook and sends an MMS message
   containing the Disco.mp3 file as an attachment.
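
A triage check for the artifacts listed in steps 2 to 4, as an added example that is not part of the original write-up or any vendor tooling: it scans a mounted or extracted memory-card tree for the listed paths and flags a Disco.mp3 that carries a SIS header. The legacy SIS UID3 value 0x10000419 at offset 8, the function names and the sample tree are assumptions of this example.

```python
from pathlib import Path
import tempfile

# Artifact paths from the analysis above, relative to the drive root.
ARTIFACTS = [p.lower() for p in (
    "System/apps/TTNCONTACTS/TTNCONTACTS.exe",
    "System/apps/TTNCONTACTS/RecQWRD.mdl",
    "System/recogs/RecQWRD.mdl",
    "Sounds/Digital/RecQWRD.mdl",
    "Sounds/Digital/WaveEditors.exe",
    "Sounds/Digital/Disco.mp3",
)]
# Assumption, not from the page: legacy (pre-Symbian 9) SIS packages carry
# UID3 0x10000419, stored little-endian at byte offset 8.
SIS_UID3 = bytes.fromhex("19040010")

def looks_like_sis(path):
    """True if the file has the legacy SIS UID3 where a SIS header would put it."""
    with open(path, "rb") as fh:
        return fh.read(12)[8:12] == SIS_UID3

def scan(root):
    """Return (relative_path, note) per listed artifact under root, ignoring case."""
    root = Path(root)
    tree = {p.relative_to(root).as_posix().lower(): p
            for p in root.rglob("*") if p.is_file()}
    hits = []
    for rel in ARTIFACTS:
        if rel in tree:
            disguised = rel.endswith(".mp3") and looks_like_sis(tree[rel])
            hits.append((rel, "SIS package named .mp3" if disguised else "present"))
    return hits

def demo():
    """Scan a constructed sample tree standing in for a mounted memory card."""
    sample = {  # constructed contents, not real malware bytes
        "System/recogs/RecQWRD.mdl": b"placeholder",
        "Sounds/Digital/Disco.mp3": b"\0" * 8 + SIS_UID3 + b"\0" * 4,
        "Sounds/Digital/holiday.mp3": b"ID3\x03",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, data in sample.items():
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(data)
        return scan(tmp)

if __name__ == "__main__":
    print(demo())
```

Point `scan()` at the root of the card image or backup; a hit on Disco.mp3 that is reported only as "present" still warrants a look, since the path alone matches the analysis.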

Reference: ID - 252882