Home / malwarePDF  

SymbOS.Worm.Beselo.B


First posted on 21 November 2011.
Source: BitDefender

Aliases :

There are no other names known for SymbOS.Worm.Beselo.B.

Explanation :

SymbOS.Worm.Beselo.B is a worm that infects devices with Symbian S60 Second Edition. It spreads by sending copies of itself through MMS and Bluetooth as a message with "Photo" as body and with as an installation file attached. Instead of using the standard .sis extension, it uses beauty.jpg, sex.mp3 and love.rm as filenames to make the users think it's a multimedia file. The operating system recognizes the file as an installation file and prompts asking for installation. Users are advised to never accept an installation triggered by a media file.

The installer copies the worm's executable in C:systemdata with a random name(7 characters long, given by the sender). When executed, the worm copies itself in C:systemapps with the same name.

As a protection measure, it sets its process as a system process(making it invisible for the default process lister). Also, the worm waits for incoming MMS messages and replies with an infected MMS and infects memory cards inserted in the infected phone.

Last update 21 November 2011

 

TOP