

    This new Symbian malware is similar to other Symbian malware in that it overwrites normal files on the system in order to destroy them. However, it has one particularly interesting characteristic: it attempts to spread the infection to a computer running Windows. It does this by dropping these 4 files into the E: directory (which is the memory card):


    fsb.exe – BKDR_BERBEW.Q
    buburuz.ICO – Icon file for the memory card
    autorun.inf – file used to automatically execute fsb.exe
    SYSTEM.exe – WORM_WUKILL.B


    Thus, when the memory card is inserted into a Windows computer, the file autorun.inf will attempt to execute fsb.exe. Also, the file SYSTEM.exe may not have an automatic startup routine, but since it has the icon of a folder, this could be executed by an unsuspecting user who wants to open this “folder”.

    Note: This malware will be detected as SYMBOS_CARDTRP.A
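
A read-only audit of a memory card's root for the two lures described above, shown as an added example (it is not Trend Micro's code): it reports launch entries in autorun.inf and executables sitting in the volume root. The function names, the extension list and the sample autorun.inf contents are assumptions made for illustration; only the file names come from the post.

```python
import os
import tempfile

EXEC_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}
LAUNCH_KEYS = ("open", "shellexecute")

def parse_autorun(text):
    """Return {key: value} for the [autorun] section (keys lower-cased)."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def audit_volume_root(root):
    """List findings for a mounted removable volume; nothing is executed."""
    findings = []
    names = os.listdir(root)
    for name in names:
        if name.lower() == "autorun.inf":
            with open(os.path.join(root, name), errors="replace") as fh:
                entries = parse_autorun(fh.read())
            for key, value in entries.items():
                if key in LAUNCH_KEYS or key.startswith("shell\\"):
                    findings.append(("autorun-launch", key, value))
    for name in names:
        # A root-level executable may carry a folder icon, so flag it by type.
        if os.path.splitext(name)[1].lower() in EXEC_EXTS:
            findings.append(("root-executable", name, ""))
    return sorted(findings)

def demo():
    # Constructed sample: file names are from the post, contents are made up.
    with tempfile.TemporaryDirectory() as card:
        with open(os.path.join(card, "autorun.inf"), "w") as fh:
            fh.write("[autorun]\nopen=fsb.exe\nicon=buburuz.ICO\n")
        for name in ("fsb.exe", "SYSTEM.exe", "buburuz.ICO"):
            open(os.path.join(card, name), "wb").close()
        return audit_volume_root(card)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```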


    Dropped Files

    • E:DOCUME~1BimLOCALS~1TempMKS0CARIBE.SIS – already detected as SymbOS_CABIR.A
    • E:SYSTEM.exe – already detected as WORM_WUKILL.B
    • E:fsb.exe – already detected as BKDR_BERBEW.Q



    Update
    Previously, we defined a “blended threat” as a Windows worm that spreads via multiple propagation vectors such as email, IM, network shares and application vulnerabilities, and/or a worm that has the capabilities of other malware such as file infectors, backdoor trojans or even spyware.

    Now we may be seeing a slightly new implementation of what a “blended threat” is, or could be in the near future: a mobile malware that has the capability to affect the Windows platform! Ergo, let the battle cry linger on: let’s continue to be vigilant!

    As Raimund Genes, Trend Micro Chief Technologist Anti-Malware, has said: “As mobile threats continue to evolve, it’s likely that we will see further attacks similar to this, but utilizing more robust propagation techniques and therefore carrying a higher potential for infection.”








     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice