We have received a sample of a Symbian
malware that exhibits the same behaviour as of the SYMBOS_COMWAR
family.
The first generation of the malware arrives as one of the files
inside a pirated copy of SymCommander software. SymCommander is a
file management software specifically used for Symbian
phones.
The actual malicious file inside the pirated copy of SymCommander
SIS package is named cwoutcast.exe. Just like the other
SYMBOS_COMWAR variants A and B, it also propagates through MMS by
sending a copy of itself as a .SIS installer. It also propagates
through Bluetooth by sending itself in a randomly generated
filename.
It is also noticeable the embedded string on the cwoutcast.exe as
qouted below.
“CommWarrior Outcast: The dark side of Symbian
Force.
CommWarrior v2.0-PRO. Copyright (c) 2005 by e10d0r
CommWarrior is freeware product. You may freely distribute it
in it’s original unmodified form.
With best regards from Russia.
OTMOP03KAM HET!”
malware that exhibits the same behaviour as of the SYMBOS_COMWAR
family.
The first generation of the malware arrives as one of the files
inside a pirated copy of SymCommander software. SymCommander is a
file management software specifically used for Symbian
phones.
The actual malicious file inside the pirated copy of SymCommander
SIS package is named cwoutcast.exe. Just like the other
SYMBOS_COMWAR variants A and B, it also propagates through MMS by
sending a copy of itself as a .SIS installer. It also propagates
through Bluetooth by sending itself in a randomly generated
filename.
It is also noticeable the embedded string on the cwoutcast.exe as
qouted below.
“CommWarrior Outcast: The dark side of Symbian
Force.
CommWarrior v2.0-PRO. Copyright (c) 2005 by e10d0r
CommWarrior is freeware product. You may freely distribute it
in it’s original unmodified form.
With best regards from Russia.
OTMOP03KAM HET!”
Update
The sample has been given the detection name
SYMBOS_COMWAR.C.
SYMBOS_COMWAR.C.
