Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

new Symbian bluetooth worm
From: "Geza Papp dr (Axelero)" <papp_geza1 () axelero hu>
Date: Tue, 30 Nov 2004 21:06:32 +0100

Hy

Symb/Cabir-B is a worm written specifically for Nokia Series 60 mobile phones
running the Symbian operating system.

The worm spreads as a Symbian SIS package named camtimer.sis. The package
contains the following components extracted to ./System/Apps, ./System/CARIBESECURITYMANAGER
and ./System/Recogs:

./system/apps/CamTimer/camtimer.rsc
./system/apps/CamTimer/camtimer.app
./system/apps/caribe/flo.mdl
./system/apps/caribe/caribe.rsc
./system/apps/caribe/caribe.app
./system/CARIBESECURITYMANAGER/caribe.rsc
./system/CARIBESECURITYMANAGER/caribe.app
./system/CARIBESECURITYMANAGER/CAMTIMER.sis
./system/RECOGS/flo.mdl

Flo.mdl is a DLL that uses the EZBoot mechanism to attempt to launch the Symb/Cabir-B
appliction file caribe.app when the device is powered on.

Camtimer.rsc and camtimer.app are parts of a non-malicious camera timer application
installed with the worm.

Once running Symb/Cabir-B attempts to send itself to bluetooth-enabled devices found
in the proximity of the infected mobile phone.

The Symb/Cabir-B camtimer.sis file may be installed by Troj/Skulls-B. 

SOPHOS Anti Virus

-- 
Regards,
 Geza                            mailto:papp_geza1 () axelero hu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]