Full Disclosure mailing list archives
new Symbian bluetooth worm
From: "Geza Papp dr (Axelero)" <papp_geza1 () axelero hu>
Date: Tue, 30 Nov 2004 21:06:32 +0100
Hy Symb/Cabir-B is a worm written specifically for Nokia Series 60 mobile phones running the Symbian operating system. The worm spreads as a Symbian SIS package named camtimer.sis. The package contains the following components extracted to ./System/Apps, ./System/CARIBESECURITYMANAGER and ./System/Recogs: ./system/apps/CamTimer/camtimer.rsc ./system/apps/CamTimer/camtimer.app ./system/apps/caribe/flo.mdl ./system/apps/caribe/caribe.rsc ./system/apps/caribe/caribe.app ./system/CARIBESECURITYMANAGER/caribe.rsc ./system/CARIBESECURITYMANAGER/caribe.app ./system/CARIBESECURITYMANAGER/CAMTIMER.sis ./system/RECOGS/flo.mdl Flo.mdl is a DLL that uses the EZBoot mechanism to attempt to launch the Symb/Cabir-B appliction file caribe.app when the device is powered on. Camtimer.rsc and camtimer.app are parts of a non-malicious camera timer application installed with the worm. Once running Symb/Cabir-B attempts to send itself to bluetooth-enabled devices found in the proximity of the infected mobile phone. The Symb/Cabir-B camtimer.sis file may be installed by Troj/Skulls-B. SOPHOS Anti Virus -- Regards, Geza mailto:papp_geza1 () axelero hu _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- this is fun? Brandy Simon (Nov 30)
- Re: this is fun? Kevin Finisterre (Nov 30)
- Re: this is fun? Andrew Smith (Nov 30)
- new Symbian bluetooth worm Geza Papp dr (Axelero) (Nov 30)
- Re: this is fun? Kevin Finisterre (Nov 30)