Esato Mobile
General discussions : Other manufacturers : Series 60 Virus Alert!
whizkidd Posts: > 500

A new Commwarrior variant in the wild

For release October 18, 2005

F-Secure's Viruslab received a sample of a new Commwarrior variant,
Commwarrior.C last Wednesday. It is probably the most dangerous mobile
phone virus detected so far. Luckily it doesn't seem to be widespread yet.

Commwarrior.C spreads over Bluetooth using random file names as earlier
variants do, but the MMS functionality is different. Commwarrior.C goes
through the address book and sends messages to numbers found in there, just
like the A and B variants did. But in addition, it also mimics the user's MMS
behavior. Commwarrior.C listens for any arriving MMS and SMS messages and
replies to them with an infected MMS. And when the user sends an SMS message,
Commwarrior follows this by immediately sending a second message to the same
address: an infected MMS. The messages being sent by Commwarrior.C contain
texts gathered from SMS messages that are stored on the phone, which means
that the recipient of the MMS message will receive a text that doesn't seem too
strange.

Together these make a very strong social engineering trick: you send an SMS
message to an infected friend, and his phone immediately answers you back
with an infected MMS, complete with a message text stolen from random
earlier messages!

Commwarrior.C also copies itself on any MMC card inserted into the phone, so
it is also a virus capable of spreading to other phones if you share your
card.

Regardless of the spreading method, the recipient still has to accept and
install the SIS file of the virus, and accept the usual system warning of
installing an unsigned application.

In addition to spreading, Commwarrior.C also contains some payloads, by which
it indicates that it has infected the phone. On some phones Commwarrior
changes the operator logo to its own logo, which contains the text "Infected by
CommWarrior".

The virus might also open a web page in the phone's browser. This website
(which is hosted in Russia) has lifted some of its content from F-Secure's
web pages at mobile.f-secure.com.

Commwarrior.C has been detected by F-Secure Mobile Anti-Virus since October 13,
2005.


Be careful folks!

--
Posted: 2005-10-18 18:19:20
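
The advisory's "mimic" behaviour (an MMS carrying a SIS file sent right after an SMS to the same number, or in reply to an incoming message) can be looked for in message logs. The following is an added example, not part of the original post or of any F-Secure tool; the log format, the 60-second window and all names are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed threshold, tune against real traffic
FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample events: (time, direction, kind, peer number, attachment)
SAMPLE_LOG = [
    ("2005-10-18 10:00:00", "out", "sms", "+15550001", None),
    ("2005-10-18 10:00:05", "out", "mms", "+15550001", "x7k2q.sis"),
    ("2005-10-18 10:05:00", "in", "sms", "+15550002", None),
    ("2005-10-18 10:05:10", "out", "mms", "+15550002", "photo.jpg"),
    ("2005-10-18 10:10:00", "in", "mms", "+15550003", None),
    ("2005-10-18 10:10:08", "out", "mms", "+15550003", "abcd12.SIS"),
    ("2005-10-18 11:00:00", "out", "mms", "+15550004", "game.sis"),
]


def find_followup_sis_mms(events, window=WINDOW):
    """Return (peer, attachment, reason) for every outgoing MMS that carries
    a .sis file and closely follows a message exchanged with the same number."""
    last_msg = {}  # peer -> (time, reason) of the latest possible trigger
    hits = []
    for stamp, direction, kind, peer, attachment in sorted(events, key=lambda e: e[0]):
        ts = datetime.strptime(stamp, FMT)
        is_sis = bool(attachment) and attachment.lower().endswith(".sis")
        if direction == "out" and kind == "mms" and is_sis:
            trigger = last_msg.get(peer)
            if trigger and ts - trigger[0] <= window:
                hits.append((peer, attachment, trigger[1]))
        elif direction == "out" and kind == "sms":
            # The user sent an SMS; an MMS to the same number may follow it.
            last_msg[peer] = (ts, "follows_outgoing_sms")
        elif direction == "in":
            # An SMS or MMS arrived; an MMS may be sent back to the sender.
            last_msg[peer] = (ts, "reply_to_incoming")
    return hits


if __name__ == "__main__":
    for peer, attachment, reason in find_followup_sis_mms(SAMPLE_LOG):
        print(f"{peer}: {attachment} ({reason})")
```

The last sample event is not flagged: a SIS sent with no preceding exchange matches the address-book behaviour of the earlier variants, which this timing check does not cover.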

govigov Posts: > 500

Where can I get a copy of this virus?
This message was posted from a P800
--
Posted: 2005-10-18 18:23:39

BlueQuill Posts: 419

There was an earlier report of a virus named Caribe. It also attacked Symbian S60.
This message was posted from a Nokia
--
Posted: 2005-10-18 18:27:33

Kryptik Posts: > 500

Hmmm, I know of a site or two where some crazy people actually exchange virii. Needless to say, I browse that site without ever ever ever downloading anything...
This message was posted from a Nokia
--
Posted: 2005-10-18 19:37:37

hotcha Posts: 93

Scary. Only a matter of time till stuff like this gets more widespread.
--
Posted: 2005-10-20 03:19:43