know your cellphone VIRUS!!!

[markyap]

Cabir.A

Cabir is a bluetooth using worm that runs in Symbian mobile phones that support Series 60 platform.

Cabir replicates over bluetooth connections and arrives to phone messaging inbox as caribe.sis file what contains the worm. When user clicks the caribe.sis and chooses to install the Caribe.sis file the worm activates and starts looking for new devices to infect over bluetooth.

When Cabir worm finds another bluetooth device it willstart sending infected SIS files to it, and lock to that phone so that it won't look other phones even when the target moves out of range.

Please note that Cabir worm can reach only mobile phones that support bluetooth, and are in discoverable mode.

Setting you phone into non-discoverable (hidden) Bluetooth mode will protect your phone from Cabir worm.

But once the phone is infected it will try to infect other systems even as user tries to disable bluetooth from system settings.


Cabir.B

Cabir.B is a minor variant of Cabir.A the only significant difference is that the Cabir.B displays different text on the start dialog when worm starts the first time or phone reboots.

Cabir.A displays text "Caribe-VZ/29a" while Cabir.B displays text that contains just "Caribe".

There is also repacked version of Cabir.B that is packed into SIS file, which installs the worm into different directory and shows text popup at SIS install. But this is not a new variant as worm executables are fully identical to original Cabir.B and all differences are due to settings in the repacked SIS file.


Cabir.C


Cabir.C is a minor variant of Cabir.B the only significant differences are that the Cabir.C displays different text on the start dialog when worm starts and that the Cabir.C spreads as MYTITI.SIS instead of Cabir.SIS.

Cabir.C displays text "Mytiti" while Cabir.B displays text that contains just "Caribe".


Cabir.D

Cabir.D is a minor variant of Cabir.B the only significant differences are that the Cabir.D displays different text on the start dialog when worm starts and that the Cabir.D spreads as [YUAN].SIS instead of Cabir.SIS.

Cabir.D displays text "[YUAN]" while Cabir.B displays text that contains just "Caribe".



Cabir.E

Cabir.E is a minor variant of Cabir.B the only significant differences are that the Cabir.E displays different text on the start dialog when worm starts and that the Cabir.E spreads as Ni&Ai-.SIS instead of Cabir.SIS.

Cabir.E displays text "Ni&Ai-" while Cabir.B displays text that contains just "Caribe".


Cabir.Dropper


Cabir.Dropper is Symbian installation file that will install Cabir.B, Cabir.C and Cabir.D into the device and disables the Bluetooth control application. The original version of Cabir.Dropper is named Norton AntiVirus 2004 Professional.sis (WATCH OUT FOR THIS GUYZ!)

The Cabir.Dropper installs different Cabir variants into several places in the device file system. Some of the installed Cabirs replace common third party applications so that if user has one of those applications installed into system it gets replaced with Cabir.D and it's Icon in the menu will go blank.

If user clicks on one of the replaced icons in the menu, the Cabir.D that has replaced that application will start and try to spread to other devices. If Cabir.D starts it will spread as Cabir.D ([YUAN].SIS) without other Cabir variants or Cabir.Dropper.

The Cabir.Dropper will also install autostart component that tries to automatically start Cabir.D upon system reboot, but fails as the autostart component points into directory that is not installed on the device.



Skulls.A

Skulls is a malicious SIS file trojan that will replace the system applications with non-functional versions, so that all but the phone functionality will be disabled.

The Skulls SIS file is named "Extended theme.SIS", it claims to be theme manager for Nokia 7610 smart phone, written by "Tee-222".

If Skulls is installed it will cause all application icons to be replaced with picture of skull and cross bones, and the icons don't refer to the actual applications any more so none of the Phone System applications will be able to start.

This basically means that if Skulls is installed only the calling from the phone and answering calls works. All functions which need some system application, such as SMS and MMS messaging, web browsing and camera no longer function.

If you have installed Skulls, the most important thing is not to reboot the phone and follow the disinfection instruction in this description.



Skulls.B

Skulls.B is a variant of SymbOS/Skulls.A trojan, which has similar functionality to the Skulls.A but uses different files.

Skulls.B is a malicious SIS file trojan that will replace the system applications with non-functional versions and drops SymbOS/Cabir.B worm in to the phone.

The Cabir dropped by Skulls.B does not activate automatically, but if user goes to the cabir icon in the phone menu and runs Cabir from there. The Cabir.B will activate and try to infect other phones.

The Original Skulls.B SIS file is named "Icons.SIS". Unlike Skulls.A, the Skulls.B variant does not show any pop-up messages during install (except the "Installation security warning - unable to verify supplier" message shown by the operating system).

The Skulls.B replaces standard application icons with generic application icon instead of skull and cross bones like Skulls.A did.

If Skulls.B is installed only the calling from the phone and answering calls works. All functions which need some system application, such as SMS and MMS messaging, web browsing and camera no longer function. And in addition of applications being disabled the phone is also infected with Cabir.B, which fortunately, is not able to activate automatically.

If you have installed Skulls.B, the most important thing is not to reboot the phone and follow the disinfection instruction in this description.



Qdial.A

This Trojan on a phone is a cracked version of the Mosquitos game, which runs on phones using the Symbian Series 60 Platform.

It is obtained by downloading a copy of the game from the Internet or through peer-to-peer networks.

It sends an SMS message to specific premium rate numbers and can charge affected users for the sent messages. Apparently, the affected numbers are from the United Kingdom (UK), Germany, Netherlands, and Switzerland regions only.

Unlike worms, it does not spread itself to other contacts in the phone.



DISINFECTION:
for safe removal better bring it to GIZMO CELLPHONE WIZARD 3rd level elizabeth mall 4177775.
should take about 5 to 20 mins to fix depending on the condition of the phone.

[markyap]

grabeh ka daghan new virus ni gawas in a span of few months even i had a hard time catching up hehehe.

anyways, hope this helps inform everyone about the truth about these malicious codes.

[chanbri]

bro, diba naa man mga antivirus applications? will that help prevent my system from being infected?

[markyap]

meron but havent seen one that protects from all these viruses.
you can have it uploaded at gizmo pud

[jasonrey]

ony nokia phones are vulnerable to this, right? any viruses for the sony ericsson phones?

[markyap]

correct only nokia series 60 phones

[jasonrey]

@markyap: thanks for the info
got a SE phone. it's good to know it doesn't have any viruses.

[markyap]

not yet, ur safe for now, but who knows tomorrow meron ilalabas hehehe!
joke lang!

[pi_cha_chu]

if this is the case, then how much magpa install ug antivirus app??.. of corz @gizmo..

[markyap]

150 man amo charge diri per app then 50% off man mo tanan istorya.net members so barato ra

[markyap]

new virus info added:

NAME: Mabir.A
ALIAS: SymbOS/Mabir.A

Mabir is a worm that operates on Symbian Series 60 devices, the Mabir worm is capable of spreading both over Bluetooth and MMS messages.

When Mabir.A infects a phone it will start searching other phones that in can reach over Bluetooth and send infected SIS files to the phones it finds.

The SIS files that files that Mabir.A sends have always the same file name "caribe.sis". Please note that while Mabir.A uses the name SIS file name as original Cabir worms, it is different worm than Cabir.

In addition of spreading over bluetooth the Mabir.A will also listen for any MMS or SMS messages that arrive to the infected phone. And respond to those messages with MMS message that contains Mabir as "info.sis".

The MMS messages that Mabir sends do not contain any text message, only the info.sis file

The MMS messages are multimedia messages that can be sent between Symbian phones and other phones that support MMS messaging. As the name says the MMS messages are intended to contain only media content, such as pictures, audio or video, but they can contain anything, including infected Symbian installation files.

[evotyper]

sus mahala raba pa format.

[blank]

Quote: Originally Posted by markyap 150 man amo charge diri per app then 50% off man mo tanan istorya.net members so barato ra

oi tinoud ka naa 50% off. eehehehehe. Unsaonz. Tarung btaw? Kay bacn pa install ko.

[markyap]

yes 50% off for all istorya.net members...NO JOKE!

when you have any apps,games,tones, etc installed at gizmo cellphone wizard, or even unlocking or upgrading, always mention that you are istorya.net member and that marky said na 50% off ka sa apps/games/tones/unlocking/upgarding.
thats all

you will have to ask for the discount though, coz my staff will not ask you if ur member here or not...enjoy the discount!

[ScReWfAcE]

Commwarrior na sad oi !