Home page logo

fulldisclosure logo Full Disclosure mailing list archives

new Symbian bluetooth worm
From: "Geza Papp dr (Axelero)" <papp_geza1 () axelero hu>
Date: Tue, 30 Nov 2004 21:06:32 +0100


Symb/Cabir-B is a worm written specifically for Nokia Series 60 mobile phones
running the Symbian operating system.

The worm spreads as a Symbian SIS package named camtimer.sis. The package
contains the following components extracted to ./System/Apps, ./System/CARIBESECURITYMANAGER
and ./System/Recogs:


Flo.mdl is a DLL that uses the EZBoot mechanism to attempt to launch the Symb/Cabir-B
appliction file caribe.app when the device is powered on.

Camtimer.rsc and camtimer.app are parts of a non-malicious camera timer application
installed with the worm.

Once running Symb/Cabir-B attempts to send itself to bluetooth-enabled devices found
in the proximity of the infected mobile phone.

The Symb/Cabir-B camtimer.sis file may be installed by Troj/Skulls-B. 

SOPHOS Anti Virus

 Geza                            mailto:papp_geza1 () axelero hu

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]