Esato Mobile
General discussions : General : 'caribe' - new celfone virus
Index Menu
Sign in
> New Topic
> Reply
< Esato Forum Index > General discussions > General > 'caribe' - new celfone virus Bookmark topic
*Jojo* Posts: > 500

As I watch a local news late last night, the show made feature of a new 'virus' that was detected from a celfone This may sound like a re-run to some folks here, but I was just shocked to see that virus now really have infiltrated our celfone, for a while I thought that it only applies to PC and the like The mode of transfer can be made via 'Bluetooth', so 'bluejackers' beware. As it enters your fones system, it will destroy some of the softwares first - slowly until it hits the hardware Some troubles it causes are like: weakens the battery, a certain guy made a 2 minute call with full batt charged, after the said call, the batt meter suddenly plummeted to it's lowest - shutting the fone off , the word 'Caribe' always appears on the screen no matter what the owner does with the handset, the virus wants to hack as many celfones as possible, given the good opportunity, it will emit datas mostly via Bluetooth
Celfone experts tracked the source of the virus in the net, and found out that the authors were group of 'satanist', decoding the word 'Caribe' they've found a number '666' combination out of it
So next time you are out in public places - NEVER open your Bluetooth devices as it may acquire the said virus, without you knowing it Take extra precaution mates !
--
Posted: 2004-08-17 23:26:41
Edit : Quote

rdnymllnsktr Posts: > 500

I think this only applies to symbian (smart) phones. This message was posted from a T616
--
Posted: 2004-08-18 07:41:39
Edit : Quote

GOwin Posts: > 500

From Symantec:
Quote:SymbOS.Cabir is a proof-of-concept worm that replicates on Series 60 phones. This worm repeatedly sends itself to the first Bluetooth-enabled device that it can find, regardless of the type of device. For example, even a Bluetooth-enabled printer will be attacked if it is within range. The worm spreads as a .SIS file, which is installed into the APPS directory.

There is no payload, apart from the vastly shortened battery life caused by the constant scanning for Bluetooth-enabled devices.


Also Known As: EPOC.Cabir, Worm.Symbian.Cabir.a [Kaspersky], Cabir [F-Secure], EPOC/Cabir.A [Computer Associates], Symb/Cabir-A [Sophos], EPOC_CABIR.A [Trend], Symbian/Cabir [McAfee]
Type: Worm
Infection Length: 15104 (caribe.sis), 11944 (caribe.app), 11498 (flo.mdl), 44 (caribe.rsc)
Systems Affected: EPOC
Systems Not Affected: DOS, Linux, Macintosh, Novell Netware, OS/2, UNIX, Windows 2000, Windows 3.x, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

To remove:
Quote:To remove SymbOS.Cabir:

Install a file manager program on the phone.
Enable the option to view the files in the system directory.
Search the drives, A through Y, for the SYSTEMAPPSCARIBE directory.
Delete the files CARIBE.APP, CARIBE.RSC, and FLO.MDL from the CARIB directory.
Go to the C:SYSTEMSYMBIANSECUREDATACARIBESECURITYMANAGER directory.
Delete the files CARIBE.APP, CARIBE.RSC, and CARIBE.SIS.
Go to the C:SYSTEMRECOGS directory.
Delete the file, FLO.MDL.
Go to the C:SYSTEMINSTALLS directory.
Delete the file, CARIBE.SIS.

Note: You cannot delete the file CARIBE.RSC when the program is running.

If you cannot delete this file in steps 4 and 6, delete all the files that you can, restart the phone, and then delete the CARIBE.RSC file.


For more information about this worm:
Worm.SymbOS.Cabir.a
F-Secure Virus Descriptions : Cabir

There is a WAP-downloadable Capir-removal utility from Kaspersky Labs

Quote:How to use the utility:
upload the installation file, decabir.sis, to the handset, and launch it.
choose the Decabir icon in the main menu
if the handset is not infected, the message 'Device is clean' will be displayed.
if the handset is infected, the message 'Cabir has been removed. Please reboot' will be displayed. You should now switch your handset off and on again.


[ This Message was edited by: GOwin on 2004-08-18 07:07 ]
--
Posted: 2004-08-18 08:03:24
Edit : Quote

swipe108 Posts: 264

Is uiq also affected?
--
Posted: 2004-08-18 09:08:58
Edit : Quote

Elrond Posts: > 500

It's stated series 60, so probably no.
--
Posted: 2004-08-18 09:13:00
Edit : Quote

slattery69 Posts: > 500

according to my symbian all symbian phones are at risk from it there list included the p series
--
Posted: 2004-08-18 09:15:58
Edit : Quote

*Jojo* Posts: > 500

@gowin - Nice 'info' back there dude A thorough one indeed, including tips on how to remove the 'caribe' virus from the fone being infected !
--
Posted: 2004-08-18 23:16:44
Edit : Quote
New Topic   Reply
Forum Index

Esato home