Open Source and information security mailing list archives
 
Message-ID: <14468195390.20041130210632@axelero.hu>
From: papp_geza1 at axelero.hu (Geza Papp dr (Axelero))
Subject: new Symbian bluetooth worm

Hi

Symb/Cabir-B is a worm written specifically for Nokia Series 60 mobile phones
running the Symbian operating system.

The worm spreads as a Symbian SIS package named camtimer.sis. The package
contains the following components extracted to ./System/Apps, ./System/CARIBESECURITYMANAGER
and ./System/Recogs:

./system/apps/CamTimer/camtimer.rsc
./system/apps/CamTimer/camtimer.app
./system/apps/caribe/flo.mdl
./system/apps/caribe/caribe.rsc
./system/apps/caribe/caribe.app
./system/CARIBESECURITYMANAGER/caribe.rsc
./system/CARIBESECURITYMANAGER/caribe.app
./system/CARIBESECURITYMANAGER/CAMTIMER.sis
./system/RECOGS/flo.mdl

Flo.mdl is a DLL that uses the EZBoot mechanism to attempt to launch the Symb/Cabir-B
application file caribe.app when the device is powered on.

Camtimer.rsc and camtimer.app are parts of a non-malicious camera timer application
installed with the worm.

Once running, Symb/Cabir-B attempts to send itself to Bluetooth-enabled devices found
in the proximity of the infected mobile phone.

The Symb/Cabir-B camtimer.sis file may be installed by Troj/Skulls-B. 

SOPHOS Anti Virus

-- 
Regards,
 Geza                            mailto:papp_geza1@...lero.hu
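
A check of a device or SIS file listing against the components named in the message above, as an added example that is not part of the original message or of Sophos's description. It assumes listings may use drive letters, backslashes and mixed case (the message itself mixes ./System/Apps and ./system/apps), so paths are normalized before matching; the verdict strings and the sample listing are constructed.

```python
import re

# Paths as listed in the message above; roles follow its description.
WORM_FILES = {
    "system/apps/caribe/flo.mdl",
    "system/apps/caribe/caribe.rsc",
    "system/apps/caribe/caribe.app",
    "system/caribesecuritymanager/caribe.rsc",
    "system/caribesecuritymanager/caribe.app",
    "system/caribesecuritymanager/camtimer.sis",
    "system/recogs/flo.mdl",
}
# Described in the message as a non-malicious camera timer bundled with the worm.
BUNDLED_FILES = {
    "system/apps/camtimer/camtimer.rsc",
    "system/apps/camtimer/camtimer.app",
}

def normalize(path):
    """Reduce a listed path to lower case, forward slashes, no drive or './' prefix."""
    p = path.strip().replace("\\", "/").lower()
    p = re.sub(r"^[a-z]:", "", p)      # drive letter, e.g. "C:" (assumed listing style)
    p = re.sub(r"^(\./|/)+", "", p)    # leading "./" or "/"
    return re.sub(r"/+", "/", p)

def scan_listing(paths):
    """Return (worm_hits, bundled_hits) as sorted lists of normalized paths."""
    seen = {normalize(p) for p in paths}
    return sorted(seen & WORM_FILES), sorted(seen & BUNDLED_FILES)

def verdict(paths):
    worm, bundled = scan_listing(paths)
    if worm:
        return "worm components present"
    if bundled:
        return "camtimer only: review, no worm files matched"
    return "no match"

# Constructed sample listing (not from a real device).
SAMPLE = [
    r"C:\System\Apps\CamTimer\CamTimer.app",
    r"C:\System\Recogs\flo.mdl",
    "./system/CARIBESECURITYMANAGER/caribe.app",
    r"C:\System\Apps\Calendar\Calendar.app",
]

if __name__ == "__main__":
    print(verdict(SAMPLE), scan_listing(SAMPLE))
```

The camtimer files alone are reported separately because the message describes them as a non-malicious application that ships in the same package.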

