Author |
Tips Beselo.B virus for Nokia |
mUzKa Joined: Nov 04, 2010 Posts: 1 From: de_dust PM |
Worm:SymbOS/Beselo.B
Name: Worm:SymbOS/Beselo.B
Category: Malware
Type: Bluetooth-Worm
Platform: SymbOS
Origin: Asia
Date of Discovery: December 21, 2007

Summary
Beselo.B is an MMS and Bluetooth worm that operates on Symbian S60 Second Edition devices. Beselo.B spreads via MMS messages and Bluetooth using the filenames beauty.jpg, sex.mp3, or love.rm.

Disinfection
CAUTION! This method will remove all data on the device, including calendar and phone numbers:
• Power off the phone
• Hold the following three buttons down - "answer call" + "*" + "3"
• Keep holding down the buttons and power on the phone
• Depending on the model, you will either get text that reads "formatting" or a start-up dialog that asks for the initial phone settings
• Your phone is now formatted and can be used again
To prevent future infections, please download F-Secure Mobile Anti-Virus from here: http://f-secure.mobi.

Additional Details

Infection
The worm's SIS installation package contains .exe, .ini, and .dat files named using a random format that has seven letters followed by the extension. For example, qsnpwsg.exe, qsnpwsg.ini, and qsnpwsg.dat.
When Beselo.B is run, the installer will copy the worm's main executable to C:\system\data and execute it. After execution, the worm will copy its executable file to C:\system\apps with the same name as the worm's main executable.
Additionally, the worm creates a new unique SIS installation package in C:\systems\apps and a recognizer in C:\system\recogs with a name that has the same first four letters as the worm's executable. If the phone has a memory card, the worm will also copy itself there. To summarize, here is a list of all files created in one installation, using example filenames.
Files created on the phone:
• c:\system\data\qsnpwsg.exe
• c:\system\data\qsnpwsg.dat
• c:\system\data\qsnpwsg.ini
• c:\system\apps\qsnpwsg.exe
• c:\system\apps\qsnpwsg.sis
• c:\system\recogs\gsnp.mdl
Files created on the memory card:
• e:\system\apps\qsnpwsg.exe
• e:\system\recogs\gsnp.mdl

Hiding and Protecting the Process from the User
Beselo.B attempts to hide its process from the user by running as executable, so that it is not visible in the standard application list. The process is visible in third party tools that show system processes. It is named with the same random name as the worm's main executable. The worm protects its process from being killed by setting the process type to "system". It is not possible to kill a system process.

Replication via MMS Messages
Beselo.B replicates using MMS with SIS files that have the text "Photo" as message body and a SIS file attachment named beauty.jpg, sex.mp3, or love.rm. The MMS messages are sent in 1 minute intervals to either numbers found in the device phone book or else to internally generated numbers.
Beselo.B also listens for incoming SMS messages and responds to any message with an infected MMS message.

Replication via Bluetooth
Beselo.B replicates using Bluetooth in SIS files using the same names as the MMS messages. Bluetooth messages are attempted in one minute intervals to one phone number at a time. The extension used in the worm installation file causes the message to be shown with an icon that indicates a broken media file.

Replication to an MMC Card
Beselo.B listens for any MMC cards inserted into the infected phone, and copies itself to the inserted card. The infected card contains both the worm executable and the bootstrap component, so that if the infected card is inserted into another phone it will also be infected. |
|
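A triage check for the file layout described in the first post, as an added example that is not part of the original thread or of any vendor tool: given a file listing exported from a phone or memory card, it flags seven-letter names that appear as the .exe/.ini/.dat triple in \system\data together with a same-named executable in \system\apps, and notes a four-letter recognizer that matches the stated naming rule. The function names and the sample listing are constructed for illustration.

```python
import re
from collections import defaultdict

SEVEN_LETTERS = re.compile(r"[a-z]{7}")

def split_path(path):
    """Return (directory, stem, ext) in lower case, with the drive letter dropped."""
    p = path.strip().lower().replace("/", "\\")
    p = p.partition(":")[2] if ":" in p else p
    directory, _, filename = p.rpartition("\\")
    stem, _, ext = filename.rpartition(".")
    return directory, stem, ext

def find_suspect_stems(paths):
    """Map each suspicious seven-letter stem to the indicators it matched."""
    seen = defaultdict(set)   # stem -> {"data:exe", "apps:sis", ...}
    recognizers = set()       # stems of .mdl files under \system\recogs
    for path in paths:
        directory, stem, ext = split_path(path)
        if directory == "\\system\\recogs" and ext == "mdl":
            recognizers.add(stem)
        elif SEVEN_LETTERS.fullmatch(stem):
            if directory == "\\system\\data" and ext in ("exe", "ini", "dat"):
                seen[stem].add("data:" + ext)
            elif directory == "\\system\\apps" and ext in ("exe", "sis"):
                seen[stem].add("apps:" + ext)
    hits = {}
    for stem, marks in seen.items():
        # Require the full triple in \system\data plus the copied executable
        # in \system\apps; a lone seven-letter file name is far too common.
        if {"data:exe", "data:ini", "data:dat", "apps:exe"} <= marks:
            found = sorted(marks)
            if stem[:4] in recognizers:
                found.append("recog:" + stem[:4] + ".mdl")
            hits[stem] = found
    return hits

# Constructed listing (not from a real device); all file names are made up.
SAMPLE = [
    r"c:\system\data\kdmtrwa.exe", r"c:\system\data\kdmtrwa.ini",
    r"c:\system\data\kdmtrwa.dat", r"c:\system\apps\kdmtrwa.exe",
    r"c:\system\apps\kdmtrwa.sis", r"c:\system\recogs\kdmt.mdl",
    r"e:\system\apps\kdmtrwa.exe", r"e:\system\recogs\kdmt.mdl",
    r"c:\system\data\backup.dat", r"c:\system\apps\gallery.exe",
]

if __name__ == "__main__":
    for stem, found in find_suspect_stems(SAMPLE).items():
        print(stem, found)
```

A match is a reason to inspect the device further, not a verdict; the random names mean the check keys on the directory layout rather than on any fixed file name.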
jeni271 Joined: Nov 30, 2009 Posts: 315 From: Hilongos. Leyte Philippines PM |
Isn't S60v3 included in that .SIS?
We have a reason to wake up in the morning. We have a reason to live. |
exaflare23 Joined: May 21, 2009 Posts: 227 From: Carmona, Philippines PM |
An example of the virus: love.rm
My anti-virus detected it.
"You don't need a reason to help people" -Nokia N82 5.0MP Carl Zeiss Optics -My|Phone A878 Duo My C901 Shots flickr |
adiktus Joined: Jul 17, 2010 Posts: 19 PM |
Old virus. Trojan developers have stopped creating viruses for Symbian OS. They are now shifting to high-end smartphone OSes like Android, iPhone, and Windows Phone 7. (as per PC World article) |
jeffcua Joined: Mar 19, 2010 Posts: 357 From: davao city/phillippines PM, WWW
|
Where can those viruses be downloaded? So I can download them, hehe.
SEK550i-k810i/operamini6.1handler you can win if you want |
exaflare23 Joined: May 21, 2009 Posts: 227 From: Carmona, Philippines PM |
On 2010-11-24 13:40:00, adiktus wrote:
Old virus. Trojan developers have stopped creating viruses for Symbian OS. They are now shifting to high-end smartphone OSes like Android, iPhone, and Windows Phone 7. (as per PC World article)
good news
"You don't need a reason to help people" -Nokia N82 5.0MP Carl Zeiss Optics -My|Phone A878 Duo My C901 Shots flickr |
_helter_ Joined: Oct 23, 2010 Posts: 31 PM |
@exa. Where did you get Kaspersky? I've been searching for it for a long time. All I get are evaluation versions. |
zyren17 Joined: Sep 23, 2010 Posts: 0 PM |
@author Don't you have an activation code for F-Secure? |
|