Note: Data below are based on the Virus Encyclopedia entry for
SYMBOS_COMWAR.C which has been available since October 16,
2005.


Some very interesting twists have been added to this new
variant…looks like its evolving and are learning new tricks and
social engineering skills.:)


Aside from spreading through bluetooth it also sends itself as an
MMS message.


It propagates via MMS in two ways.

• First, It sends an MMS message to all the contacts in the phone
  book. In the body it refers to the attached file as an Antivirus
  Application.
• The second technique, which is whats interesting, is by sending
  an MMS message as a reply to a received message. The body of the
  MMS reply is copied from the received message.

So using the second technique, a would be user would be easily
fooled into opening the message since it is just a reply from his
MMS.


This Symbian malware also drops a number of component files in the
malwares phone. While running it then monitors the said files and
when any of them gets deleted another copy of the deleted file is
dropped.


This would ensure the smooth execution of the malware.


This variant of SYMBOS_COMWAR is absolutely a step forward with
regards to Symbian Malwares.


With its impressive social engineering skills and code evolving in
just the third variant…are we seeing the making of the BAGLE of
Symbian Malwares? lets wait and see…