Alias:Commwarrior.A [F-Secure], SymbOS/Commwarrior.a [McAfee], SymbOS/Commwarrior.A[Symantec]
Type:Worm 
Size:30.582 bytes 
Origin: 
Date:03-08-2005 
Damage: 
VDF Version:6.30.00.22 
Danger:Low 
Distribution:Low 

General DescriptionAffected platforms:
* Windows 95
* Windows 98
* Windows ME
* Windows NT
* Windows 2000
* Windows XP
* Windows Server 2003

DistributionThe worm is able to spread over active Bluetooth connections and via MMS messages.

Technical DetailsSymbOS/Commwarrier.a is a worm, which is executable on Symbian devices of the 60 Series.
If the worm infects a Smartphone device, it starts a searching operation for other telephones in the environment of the Bluetooth connection and sends its virulent SIS files to those telephones. The SIS file is sent with different filenames.

Additionally, the worm is able to read out the telephone numbers from the address book and to send a MMS message with a virulent SIS file:

Subject: Norton AntiVirus
Message: Released now for mobile, install it!

Subject: Dr.Web
Message: New Dr.Web antivirus for Symbian OS. Try it!

Subject: MatrixRemover
Message: Matrix has you. Remove matrix!

Subject: 3DGame
Message: 3DGame from me. It is FREE !

Subject: MS-DOS
Message: MS-DOS emulator for SymbvianOS. Nokia series 60 only. Try it!

Subject: PocketPCemu
Message: PocketPC *REAL* emulator for Symbvian OS! Nokia only.

Subject: Nokia ringtoner
Message: Nokia RingtoneManager for all models.

Subject: Security update #12
Message: Significant security update. See www.symbian.com

Subject: Display driver
Message: Real True Color mobile display driver!

Subject: Audio driver
Message: Live3D driver with polyphonic virtual speakers!

Subject: Symbian security update
Message: See security news at www.symbian.com

Subject: Happy Birthday!
Message: Happy Birthday! It is present for you!

Subject: Free SEX!
Message: Free *SEX* software for you!

Subject: Virtual SEX
Message: Virtual SEX mobile engine from Russian hackers!

Subject: Porno images
Message: Porno images collection with nice viewer!

Subject: Internet Accelerator
Message: Internet accelerator, SSL security update #7.

Subject: WWW Cracker
Message: Helps to *CRACK* WWW sites like hotmail.com

Subject: Internet Cracker
Message: It is *EASY* to *CRACK* provider accounts!

Subject: PowerSave Inspector
Message: Save you battery and *MONEY*!

Subject: 3DNow!
Message: 3DNow!(tm) mobile emulator for *GAMES*.

Subject: Desktop manager
Message: Official Symbian desctop manager.

Subject: CheckDisk
Message: *FREE* CheckDisk for SymbianOS released!MobiComm

Subject: SymbianOS update
Message: OS service pack #1 from Symbian inc.

Subject: Happy Birthday!
Message: Happy Birthday! It is present for you!

Subject: Free SEX!
Message: Free *SEX* software for you!

Subject: Virtual SEX
Message: Virtual SEX mobile engine from Russian hackers!

Subject: Porno images
Message: Porno images collection with nice viewer!

Subject: Internet Accelerator
Message: Internet accelerator, SSL security update #7.

Subject: WWW Cracker
Message: Helps to *CRACK* WWW sites like hotmail.com

Subject: Internet Cracker
Message: It is *EASY* to *CRACK* provider accounts!

Subject: PowerSave Inspector
Message: Save you battery and *MONEY*!

Subject: 3DNow!
Message: 3DNow!(tm) mobile emulator for *GAMES*.

Subject: Desktop manager
Message: Official Symbian desctop manager.

Subject: CheckDisk
Message: *FREE* CheckDisk for SymbianOS released!MobiComm


In order to remove the worm, the following files must be deleted:

c:\system\recogs\ commrec.mdl
c:\system\updates\ commrec.mdl
c:\system\updates\ commw.sis
c:\system\updates\ commrwarrior.exe
c:\system\apps\ CommWarrior\commwarrior.exe
c:\system\apps\ CommWarrior\commrec.mdl


(Attention: After the file c:\system\recogs\commrec.mdl gets deleted, the device must be rebooted, so that it can also delete the other files.)
Descrição enviada por Crony Walker em terça-feira, 15 de junho de 2004

Voltar . . . .