Series 60 Virus Alert!
whizkidd Joined: May 14, 2004 Posts: > 500 From: India PM, WWW
|
A new Commwarrior variant in the wild
For release October 18, 2005
F-Secure's Viruslab received a sample of a new Commwarrior variant,
Commwarrior.C, last Wednesday. It is probably the most dangerous mobile
phone virus detected so far. Luckily it doesn't seem to be widespread yet.
Commwarrior.C spreads over Bluetooth using random file names as earlier
variants do, but the MMS functionality is different. Commwarrior.C goes
through the address book and sends messages to numbers found in there, just
like the A and B variants did. But in addition, it also mimics the user's MMS
behavior. Commwarrior.C listens for any arriving MMS and SMS messages and
replies to them with an infected MMS. And when the user sends an SMS message,
Commwarrior follows this by immediately sending a second message to the same
address: an infected MMS. The messages being sent by Commwarrior.C contain
texts gathered from SMS messages that are stored on the phone, which means
that the recipient of the MMS message will receive a text that doesn't seem too
strange.
Together these make a very strong social engineering trick: you send an SMS
message to an infected friend, and his phone immediately answers you back
with an infected MMS, complete with a message text stolen from random
earlier messages!
Commwarrior.C also copies itself on any MMC card inserted into the phone, so
it is also a virus capable of spreading to other phones if you share your
card.
Regardless of the spreading method, the recipient still has to accept and
install the SIS file of the virus, and accept the usual system warning of
installing an unsigned application.
In addition to spreading, Commwarrior.C also contains some payloads, by which
it indicates that it has infected the phone. On some phones Commwarrior
changes the operator logo to its own logo, which contains the text "Infected by
CommWarrior".
The virus might also open a web page in the phone's browser. This website
(which is hosted in Russia) has lifted some of its content from F-Secure's
web pages at mobile.f-secure.com.
Commwarrior.C is detected by F-Secure Mobile Anti-Virus since October 13,
2005.
Be careful folks!
T230 >> T610 >> Ngage QD >> N73 >> N85 >> Omnia HD >> And countless other review units
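The reply-and-follow-up MMS pattern described in the post above, turned into a detection heuristic over a message-event log. This is an added example, not part of the original post or any F-Secure code; the log format, field names, phone numbers, 10-second window and two-hit threshold are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

WINDOW_SECONDS = 10  # assumption: the post only says "immediately"

@dataclass(frozen=True)
class Event:
    ts: int         # seconds since the start of the log
    direction: str  # "in" or "out"
    kind: str       # "sms" or "mms"
    peer: str       # remote number

def find_follow_up_mms(events, window=WINDOW_SECONDS):
    """Pair each outgoing MMS with a recent trigger involving the same peer.

    Triggers are the two behaviours in the post: any arriving SMS/MMS,
    or an SMS the user sent."""
    hits, last_trigger = [], {}
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.direction == "out" and ev.kind == "mms":
            trig = last_trigger.pop(ev.peer, None)
            if trig is not None and ev.ts - trig.ts <= window:
                hits.append((trig, ev))
        elif ev.direction == "in" or ev.kind == "sms":
            last_trigger[ev.peer] = ev
    return hits

def looks_infected(events, min_hits=2, window=WINDOW_SECONDS):
    """One fast MMS can be a real reply; repeated ones are suspicious."""
    return len(find_follow_up_mms(events, window)) >= min_hits

# Constructed sample logs (numbers are fictional).
SAMPLE_LOG = [
    Event(0, "out", "sms", "+15550100"),
    Event(2, "out", "mms", "+15550100"),     # follows the user's SMS
    Event(60, "in", "sms", "+15550101"),
    Event(63, "out", "mms", "+15550101"),    # auto-reply to arriving SMS
    Event(300, "out", "sms", "+15550102"),
    Event(900, "out", "mms", "+15550102"),   # too late to count
    Event(1000, "out", "mms", "+15550103"),  # no trigger at all
]
CLEAN_LOG = [
    Event(0, "out", "sms", "+15550100"),
    Event(5, "in", "sms", "+15550100"),
    Event(400, "out", "mms", "+15550100"),
]

if __name__ == "__main__":
    for trig, mms in find_follow_up_mms(SAMPLE_LOG):
        print(f"{mms.peer}: MMS {mms.ts - trig.ts}s after {trig.direction} {trig.kind}")
    print("infected?", looks_infected(SAMPLE_LOG))
```
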
govigov Joined: Jul 30, 2004 Posts: > 500 From: Back home - Cochin PM |
Where can I get a copy of this virus?
This message was posted from a P800 |
BlueQuill Joined: Jul 29, 2005 Posts: 419 From: India PM |
There was an earlier report of a virus named Caribe. It also attacked Symbian S60.
This message was posted from a Nokia |
Kryptik Joined: Jun 24, 2005 Posts: > 500 From: Port Elizabeth, S.Africa PM |
Hmmm, I know of a site or two where some crazy people actually exchange virii. Needless to say, I browse that site without ever ever ever downloading anything...
This message was posted from a Nokia |
hotcha Joined: Apr 08, 2005 Posts: 93 From: bristol PM |
Scary. Only a matter of time til stuff like this gets more widespread.