'caribe' - new celfone virus
*Jojo*
T68 grey
Joined: Oct 15, 2003
Posts: > 500
Posted: 2004-08-17 23:26
As I watched the local news late last night, the show featured a new 'virus' that was detected on a celfone. This may sound like a re-run to some folks here, but I was just shocked to see that viruses have now really infiltrated our celfones; for a while I thought that it only applied to PCs and the like. The mode of transfer can be via 'Bluetooth', so 'bluejackers' beware. As it enters your fone's system, it will destroy some of the software first - slowly, until it hits the hardware. Some of the troubles it causes: it weakens the battery (a certain guy made a 2 minute call with a fully charged batt; after the said call, the batt meter suddenly plummeted to its lowest, shutting the fone off); the word 'Caribe' always appears on the screen no matter what the owner does with the handset; the virus wants to hack as many celfones as possible, and given a good opportunity, it will emit data, mostly via Bluetooth.
Celfone experts tracked the source of the virus on the net, and found out that the authors were a group of 'satanists'; decoding the word 'Caribe', they found a number '666' combination in it.
So next time you are out in public places - NEVER open your Bluetooth devices, as they may acquire the said virus without you knowing it. Take extra precautions, mates!
rdnymllnsktr
W760 Black
Joined: Feb 04, 2004
Posts: > 500
From: California, but now in Plano,
Posted: 2004-08-18 07:41
I think this only applies to Symbian (smart) phones.

This message was posted from a T616

GOwin
T39 black
Joined: Jan 17, 2002
Posts: > 500
From: .uʍop ǝpısdn s&
Posted: 2004-08-18 08:03
From Symantec:
Quote:
SymbOS.Cabir is a proof-of-concept worm that replicates on Series 60 phones. This worm repeatedly sends itself to the first Bluetooth-enabled device that it can find, regardless of the type of device. For example, even a Bluetooth-enabled printer will be attacked if it is within range. The worm spreads as a .SIS file, which is installed into the APPS directory.

There is no payload, apart from the vastly shortened battery life caused by the constant scanning for Bluetooth-enabled devices.


Also Known As: EPOC.Cabir, Worm.Symbian.Cabir.a [Kaspersky], Cabir [F-Secure], EPOC/Cabir.A [Computer Associates], Symb/Cabir-A [Sophos], EPOC_CABIR.A [Trend], Symbian/Cabir [McAfee]
Type: Worm
Infection Length: 15104 (caribe.sis), 11944 (caribe.app), 11498 (flo.mdl), 44 (caribe.rsc)
Systems Affected: EPOC
Systems Not Affected: DOS, Linux, Macintosh, Novell Netware, OS/2, UNIX, Windows 2000, Windows 3.x, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP



To remove:
Quote:
To remove SymbOS.Cabir:

1. Install a file manager program on the phone.
2. Enable the option to view the files in the system directory.
3. Search the drives, A through Y, for the \SYSTEM\APPS\CARIBE directory.
4. Delete the files CARIBE.APP, CARIBE.RSC, and FLO.MDL from the CARIB directory.
5. Go to the C:\SYSTEM\SYMBIANSECUREDATA\CARIBESECURITYMANAGER directory.
6. Delete the files CARIBE.APP, CARIBE.RSC, and CARIBE.SIS.
7. Go to the C:\SYSTEM\RECOGS directory.
8. Delete the file, FLO.MDL.
9. Go to the C:\SYSTEM\INSTALLS directory.
10. Delete the file, CARIBE.SIS.

Note: You cannot delete the file CARIBE.RSC when the program is running.

If you cannot delete this file in steps 4 and 6, delete all the files that you can, restart the phone, and then delete the CARIBE.RSC file.




For more information about this worm:
Worm.SymbOS.Cabir.a
F-Secure Virus Descriptions : Cabir

There is a WAP-downloadable Cabir-removal utility from Kaspersky Labs.

Quote:
How to use the utility:
upload the installation file, decabir.sis, to the handset, and launch it.
choose the Decabir icon in the main menu
if the handset is not infected, the message 'Device is clean' will be displayed.
if the handset is infected, the message 'Cabir has been removed. Please reboot' will be displayed. You should now switch your handset off and on again.




[ This Message was edited by: GOwin on 2004-08-18 07:07 ]
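The file names, directories and sizes in the quoted Symantec write-up are enough to triage a copy of a phone's drive on a PC. The sketch below is an added example, not part of the post or of any vendor tool; `scan_drive` and `build_sample` are hypothetical names, the sample drive is constructed from zero-filled dummy files, and it assumes the quoted directory names split into the path components SYSTEM, APPS, CARIBE and so on.

```python
import os

# File sizes from the "Infection Length" line of the quoted write-up (bytes).
CABIR_SIZES = {"CARIBE.SIS": 15104, "CARIBE.APP": 11944,
               "FLO.MDL": 11498, "CARIBE.RSC": 44}
# Directories and file names from the removal steps. Splitting the directory
# names into these path components is an assumption of this example.
CABIR_DIRS = {
    "SYSTEM/APPS/CARIBE": {"CARIBE.APP", "CARIBE.RSC", "FLO.MDL"},
    "SYSTEM/SYMBIANSECUREDATA/CARIBESECURITYMANAGER":
        {"CARIBE.APP", "CARIBE.RSC", "CARIBE.SIS"},
    "SYSTEM/RECOGS": {"FLO.MDL"},
    "SYSTEM/INSTALLS": {"CARIBE.SIS"},
}

def scan_drive(root):
    """Return sorted (path, size, size_matches) tuples for listed artefacts.

    Names are compared upper-cased because the phone's file system is
    case-insensitive while the PC holding the copy may not be.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root).replace(os.sep, "/").upper()
        wanted = CABIR_DIRS.get(rel, set())
        for name in files:
            key = name.upper()
            if key in wanted:
                size = os.path.getsize(os.path.join(dirpath, name))
                hits.append((rel + "/" + key, size, size == CABIR_SIZES[key]))
    return sorted(hits)

def build_sample(root):
    """Constructed sample drive: zero-filled dummy files, no real worm code."""
    sample = {
        "system/apps/caribe/caribe.app": 11944,  # listed name, listed size
        "System/Recogs/flo.mdl": 100,            # listed name, other size
        "System/Apps/Notes/notes.app": 2048,     # unrelated application
    }
    for rel, size in sample.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"\0" * size)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for path, size, ok in scan_drive(tmp):
            print(path, size, "size matches" if ok else "size differs")
```

A hit whose size differs from the listed one is still worth a manual look, since the listed sizes describe only the sample in the quoted write-up.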
swipe108
S700
Joined: Mar 18, 2004
Posts: 264
From: Philippines
Posted: 2004-08-18 09:08
Is UIQ also affected?
Elrond
V800
Joined: May 14, 2003
Posts: > 500
From: Slovakia
Posted: 2004-08-18 09:13
It's stated series 60, so probably no.
May the power of search be with you
Proud owner of a HTC HD2, T-Mobile SDA, K750i, Nokia 6120c and a HP iPAQ hx4700
slattery69
T68i
Joined: Jan 03, 2003
Posts: > 500
From: north east england
Posted: 2004-08-18 09:15
According to my symbian, all Symbian phones are at risk from it; their list included the P series.
*Jojo*
T68 grey
Joined: Oct 15, 2003
Posts: > 500
Posted: 2004-08-18 23:16
@gowin - Nice 'info' back there, dude. A thorough one indeed, including tips on how to remove the 'caribe' virus from the fone being infected!