Worm:SymbOS/Corrior.B
First posted on 12 October 2010.
Source: SecurityHome
Aliases :
Worm:SymbOS/Corrior.B is also known as SymbOS/Commwarrior.B (Authentium (Command)), SymbOS/Commwarrior.B (Norman), SymbOS/CommWarrior.B (AVG), SymbOS/CommWarrior.K (Avira), SymbOS.Worm.CommWar.B (BitDefender), SymbOS/Commwarrior.B (CA), Symbian.CommWar.2 (Dr.Web), SymbOS/Commwarrior.B (ESET), Worm.SymbOS.Comwar (Ikarus), Worm.SymbOS.Comwar.c (Kaspersky), SymbOS/Commwarrior.b!exe (McAfee), SymbOS/CommWarrior.B (Panda), Worm.SymbOS.Comwar.j (Rising AV), Symb/Ruscan-A (Sophos), SymbOS.Commwarrior.A (Symantec), SymbOS_ComWAR.B (Trend Micro).
Explanation :
Worm:SymbOS/Corrior.B is a detection of malware that runs on Symbian OS and spreads itself over MMS (Multimedia Messaging Service) and Bluetooth.
Installation

Worm:SymbOS/Corrior.B may arrive as a .sis installation package. Once installed, it may be present as the following files:

c:\system\apps\CommWarrior\commwarrior.exe
c:\system\apps\CommWarrior\commrec.mdl - detected as Worm:SymbOS/Corrior.A!ezboot

Worm:SymbOS/Corrior.B also copies its components as follows:

c:\system\recogs\commrec.mdl - detected as Worm:SymbOS/Corrior.A!ezboot
c:\system\updates\commrec.mdl - detected as Worm:SymbOS/Corrior.A!ezboot
c:\system\updates\commwarrior.exe - detected as Worm:SymbOS/Corrior.B
c:\system\updates\commw.sis - the worm's installation package

Payload

Sends messages to remote devices

Worm:SymbOS/Corrior.B tries to search for nearby phones using Bluetooth and send the installation package (c:\system\updates\commw.sis) to a remote device with a random name.

Worm:SymbOS/Corrior.B also tries to attach the installation package (c:\system\updates\commw.sis) to an MMS message, which contains one of the following subject and body texts, addressed to a number found in the address book:

Subject: Norton AntiVirus
Body: Released now for mobile, install it!

Subject: Dr.Web
Body: New Dr.Web antivirus for Symbian OS. Try it!

Subject: MatrixRemover
Body: Matrix has you. Remove matrix!

Subject: 3DGame
Body: 3DGame from me. It is FREE !

Subject: MS-DOS
Body: MS-DOS emulator for SymbvianOS. Nokia series 60 only. Try it!

Subject: PocketPCemu
Body: PocketPC *REAL* emulator for Symbvian OS! Nokia only.

Subject: Nokia ringtoner
Body: Nokia RingtoneManager for all models.

Subject: Security update #12
Body: Significant security update. See www.symbian.com

Subject: Display driver
Body: Real True Color mobile display driver!

Subject: Audio driver
Body: Live3D driver with polyphonic virtual speakers!

Subject: Symbian security update
Body: See security news at www.symbian.com

Subject: SymbianOS update
Body: OS service pack #1 from Symbian inc.

Subject: Happy Birthday!
Body: Happy Birthday! It is present for you!

Subject: Free SEX!
Body: Free *SEX* software for you!

Subject: Virtual SEX
Body: Virtual SEX mobile engine from Russian hackers!

Subject: Porno images
Body: Porno images collection with nice viewer!

Subject: Internet Accelerator
Body: Internet accelerator, SSL security update #7.

Subject: WWW Cracker
Body: Helps to *CRACK* WWW sites like hotmail.com

Subject: Internet Cracker
Body: It is *EASY* to *CRACK* provider accounts!

Subject: PowerSave Inspector
Body: Save you battery and *MONEY*!

Subject: 3DNow!
Body: 3DNow!(tm) mobile emulator for *GAMES*.

Subject: Desktop manager
Body: Official Symbian desctop manager.

Subject: CheckDisk
Body: *FREE* CheckDisk for SymbianOS released!

Subject: MobiComm
Body: MobiComm, Mobile communications inspector. Try it!
Analysis by Shawn Wang
Last update 12 October 2010