This is a minor variant of the CommWar family. The threat contains the following strings, which are never displayed -
CommWarrior v1.0b (c) 2005 by e10d0r
CommWarrior is freeware product. You may freely distribute it in it's original unmodified form.
This is a virus for Series 60 type cell phones operating Symbian OS version 6 [or higher], such as Nokia among other brands. The object of the virus is to spread to other phones using Bluetooth and MMS as transport avenues. The targets are selected from the contact list of the infected phone and also sought via Bluetooth searching for other Bluetooth-enabled devices (phones, printers, gaming devices etc.) in the proximity of the infected phone.
This virus is slightly more than a proof of concept - it has successfully migrated from a zoo collection to being in the wild. Currently, this virus is being reported in over 18 different countries around Europe, Asia and North America.
Initially upon installing itself (after the recipient grants authorization to receive and run the "application"), the virus will copy itself as the following files -
The "recogs" folder commonly stores programs known as "recognizers". The recognizer in this case is "commrec.mdl".
Load at phone bootup
When the phone powers on, the loader runs CommWar as "commwarrior.exe" from its installed location. CommWar will read from the phone contact list and attempt to send itself using MMS.
The virus attempts to send itself to contacts found on the infected phone using MMS. The message itself contains a MIME instruction telling the receiving application how to treat the attachment -
The receiving phone may receive one of several hard-coded messages - the actual message depends on which one the virus chooses, based on a randomizer routine. The following are examples of what a targeted phone may expect to receive (subject, message) -
Released now for mobile, install it!
New Dr.Web antivirus for Symbian OS. Try it!
Matrix has you. Remove matrix!
3DGame from me. It is FREE !
MS-DOS emulator for SymbvianOS. Nokia series 60 only. Try it!
PocketPC *REAL* emulator for Symbvian OS! Nokia only.
Nokia RingtoneManager for all models.
Security update #12
Significant security update. See www.symbian.com
Real True Color mobile display driver!
Live3D driver with polyphonic virtual speakers!
Symbian security update
See security news at www.symbian.com
OS service pack #1 from Symbian inc.
Happy Birthday! It is present for you!
Free *SEX* software for you!
Virtual SEX mobile engine from Russian hackers!
Porno images collection with nice viewer!
Internet accelerator, SSL security update #7.
Helps to *CRACK* WWW sites like hotmail.com
It is *EASY* to *CRACK* provider accounts!
Save you battery and *MONEY*!
3DNow!(tm) mobile emulator for *GAMES*.
Official Symbian desctop manager.
*FREE* CheckDisk for SymbianOS released!
MobiComm
MobiComm, Mobile communications inspector. Try it!
The MMS message will have an attachment of a randomized name with a .SIS extension. If the user runs the attached file, it will install the virus.
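The two traits described above (one of the hard-coded message texts plus a .SIS attachment whose name is randomized) can be checked together at a messaging gateway or during triage. The following is an added example, not code from the original write-up; the function names, the verdict labels and the sample messages are assumptions made for illustration, and the lure list is a subset of the texts listed above.

```python
import re

# Subset of the hard-coded message texts listed above, copied verbatim
# (including the virus author's spelling). Extend with the remaining texts.
KNOWN_LURES = [
    "Released now for mobile, install it!",
    "New Dr.Web antivirus for Symbian OS. Try it!",
    "Matrix has you. Remove matrix!",
    "Significant security update. See www.symbian.com",
    "See security news at www.symbian.com",
    "OS service pack #1 from Symbian inc.",
    "Official Symbian desctop manager.",
    "MobiComm, Mobile communications inspector. Try it!",
]

def normalize(text):
    """Lower-case and collapse whitespace so re-wrapped text still matches."""
    return re.sub(r"\s+", " ", text).strip().lower()

_LURES = {normalize(t) for t in KNOWN_LURES}

def has_sis_attachment(filenames):
    """The attachment name is randomized, so only the extension is stable."""
    return any(name.strip().lower().endswith(".sis") for name in filenames)

def classify_mms(body, attachments):
    """Return 'block', 'review' or 'pass' (hypothetical verdict labels)."""
    sis = has_sis_attachment(attachments)
    text = normalize(body)
    lure = any(l in text for l in _LURES)
    if sis and lure:
        return "block"    # known lure text delivered with an installer
    if sis:
        return "review"   # .SIS alone is not proof: legitimate installers use it too
    return "pass"         # lure text without an installer cannot infect

if __name__ == "__main__":
    # Constructed sample messages, not captured traffic.
    samples = [
        ("Matrix has you.  Remove  MATRIX!", ["xk3f9a.SIS"]),
        ("Holiday photos", ["game.sis"]),
        ("See security news at www.symbian.com", []),
    ]
    for body, files in samples:
        print(classify_mms(body, files), "-", body, files)
```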
The .SIS file contains the full path used when the virus is extracted. The virus and loader are installed to this location -
The virus also has the ability to seek Bluetooth-enabled devices. Devices found could receive numerous messages asking to install "Caribe". The request is persistent and annoying. It is important to note that phones that have not been configured to allow connection via this seek-and-find method are not susceptible to this attack.
- Delete all modules related to this virus from the infected device -