
Worm:SymbOS/Corrior.A!ezboot


First posted on 12 October 2010.
Source: SecurityHome

Aliases :

Worm:SymbOS/Corrior.A!ezboot is also known as SymbOS/CommWarrior.A!m (Authentium (Command)), Worm.SymbOS.Comwar.a (Kaspersky), SymbOS/Commwarrior.A (Norman), SymbOS/CommWarrior.A (AVG), SYMBOS/Comwar.a.1 (Avira), SymbOS.Worm.CommWar.A (BitDefender), SymbOS/Commwarrior.A (CA), SymbOS/Commwarrior (ESET), Worm.SymbOS.Comwar (Ikarus), SymbOS/Commwarrior!ezboot (McAfee), SymbOS/CommWarrior.A (Panda), Worm.SymbOS.Comwar.g (Rising AV), Symb/Comwar-A (Sophos), SymbOS.Commwarrior.A (Symantec), SymbOS_COMWAR.A (Trend Micro).

Explanation :

Worm:SymbOS/Corrior.A!ezboot is a Symbian worm that may arrive in a device through Bluetooth.

Installation

Worm:SymbOS/Corrior.A!ezboot may arrive in the device via Bluetooth. It may arrive as a SIS file with a random file name, or as an MMS with any of the following details:

Subject: Norton AntiVirus
Message: Released now for mobile, install it!

Subject: Dr.Web
Message: New Dr.Web antivirus for Symbian OS. Try it!

Subject: MatrixRemover
Message: Matrix has you. Remove matrix!

Subject: 3DGame
Message: 3DGame from me. It is FREE !

Subject: MS-DOS
Message: MS-DOS emulator for SymbvianOS. Nokia series 60 only. Try it!

Subject: PocketPCemu
Message: PocketPC *REAL* emulator for Symbvian OS! Nokia only.

Subject: Nokia ringtoner
Message: Nokia RingtoneManager for all models.

Subject: Security update #12
Message: Significant security update. See www.symbian.com

Subject: Display driver
Message: Real True Color mobile display driver!

Subject: Audio driver
Message: Live3D driver with polyphonic virtual speakers!

Subject: Symbian security update
Message: See security news at www.symbian.com

Subject: SymbianOS update
Message: OS service pack #1 from Symbian inc.

Subject: Happy Birthday!
Message: Happy Birthday! It is present for you!

Subject: Free SEX!
Message: Free *SEX* software for you!

Subject: Virtual SEX
Message: Virtual SEX mobile engine from Russian hackers!

Subject: Porno images
Message: Porno images collection with nice viewer!

Subject: Internet Accelerator
Message: Internet accelerator, SSL security update #7.

Subject: WWW Cracker
Message: Helps to *CRACK* WWW sites like hotmail.com

Subject: Internet Cracker
Message: It is *EASY* to *CRACK* provider accounts!

Subject: PowerSave Inspector
Message: Save you battery and *MONEY*!

Subject: 3DNow!
Message: 3DNow!(tm) mobile emulator for *GAMES*.

Subject: Desktop manager
Message: Official Symbian desctop manager.

Subject: CheckDisk
Message: *FREE* CheckDisk for SymbianOS released!MobiComm

It may drop the following files:

C:\System\updates\commwarrior.exe - detected as Worm:SymbOS/Corrior.B
C:\System\updates\commrec.mdl - detected as Worm:SymbOS/Corrior.A!ezboot
C:\System\apps\commwarrior\commwarrior.exe
C:\System\apps\commwarrior\commrec.mdl
C:\System\recogs\commrec.mdl
C:\System\updates\commw.sis

Spreads via...

Memory cards

If a memory card is present in the device, Worm:SymbOS/Corrior.A!ezboot may copy itself and another malware to the card as the following files:

<drive>:\System\apps\CommWarrior\commwarrior.exe - detected as Worm:SymbOS/Corrior.B
<drive>:\System\apps\CommWarrior\commrec.mdl - detected as Worm:SymbOS/Corrior.A!ezboot

When the device boots up, commrec.mdl loads commwarrior.exe.

Payload

Drops and runs other malware

Worm:SymbOS/Corrior.A!ezboot drops and runs another malware, detected as Worm:SymbOS/Corrior.B, as specified in the Installation and Spreads via... sections.
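A triage check for the file indicators listed above, as an added example that is not part of the original write-up: it scans a file listing exported from a handset or memory card and reports the drives that hold both commrec.mdl and commwarrior.exe, the pair that runs at boot. The function and variable names are assumptions and the sample listing is constructed.

```python
import re
from collections import defaultdict

# Paths from the write-up above, lower-cased, with the drive letter removed.
C_DRIVE = {  # files the page lists on C:
    r"\system\updates\commwarrior.exe": "Worm:SymbOS/Corrior.B",
    r"\system\updates\commrec.mdl": "Worm:SymbOS/Corrior.A!ezboot",
    r"\system\apps\commwarrior\commwarrior.exe": None,  # page gives no name
    r"\system\apps\commwarrior\commrec.mdl": None,
    r"\system\recogs\commrec.mdl": None,
    r"\system\updates\commw.sis": None,
}
ANY_DRIVE = {  # the page's <drive>: copies on a memory card
    r"\system\apps\commwarrior\commwarrior.exe": "Worm:SymbOS/Corrior.B",
    r"\system\apps\commwarrior\commrec.mdl": "Worm:SymbOS/Corrior.A!ezboot",
}
PATH_RE = re.compile(r"^([a-z]):(\\.+)$")
# Constructed sample listing (mixed case and separators, as exports often are).
SAMPLE_LISTING = [
    r"C:\System\Apps\Camera\Camera.app",
    r"c:\system\updates\commwarrior.exe",
    r"C:\System\Recogs\commrec.mdl",
    r"E:/System/Apps/CommWarrior/commwarrior.exe",
    r"E:\System\apps\CommWarrior\commrec.mdl",
    r"E:\Images\photo1.jpg",
]

def scan_listing(paths):
    """Return indicator hits and the drives holding both loader and payload."""
    hits, seen = [], defaultdict(set)
    for raw in paths:
        m = PATH_RE.match(raw.strip().replace("/", "\\").lower())
        if not m:
            continue
        drive, rest = m.groups()
        table = C_DRIVE if drive == "c" else ANY_DRIVE
        if rest in table:
            hits.append((raw, table[rest]))
            seen[drive].add(rest.rsplit("\\", 1)[1])
    # commrec.mdl loads commwarrior.exe at boot, so the pair matters most.
    chained = sorted(d for d, names in seen.items()
                     if {"commrec.mdl", "commwarrior.exe"} <= names)
    return {"hits": hits, "boot_chain_drives": chained}

if __name__ == "__main__":
    print(scan_listing(SAMPLE_LISTING))
```

A hit with `None` as its second element is a path the write-up lists without a detection name.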

Analysis by Andrei Florin Saygo

Last update 12 October 2010
