VirusSymbOS/Cabir.B!worm
Analysis
- It is a Symbian virus, packed in .SIS format.
- The following message is displayed on the screen during installation:
This is advanced camera timer for your phone! - Extracts the following files:
- C:\system\RECOGS\flo.mdl
- C:\system\CARIBESECURITYMANAGER\caribe.app
- C:\system\CARIBESECURITYMANAGER\caribe.rsc
- C:\system\CARIBESECURITYMANAGER\CAMTIMER.sis
- C:\system\apps\caribe\flo.mdl
- C:\system\apps\caribe\caribe.app
- C:\system\apps\caribe\caribe.rsc
- C:\system\apps\CamTimer\camtimer.app
- C:\system\apps\CamTimer\camtimer.rsc
- Attempts to send itself to other Bluetooth-enabled devices that it finds.
Recommended Action
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option
- Do not accept unsolicited applications which may be received by Infrared or other means
Telemetry
Detection Availability
| FortiGate | |
|---|---|
| FortiClient | |
| FortiAPS | |
| FortiAPU | |
| FortiMail | |
| FortiSandbox | |
| FortiWeb | |
| Web Application Firewall | |
| FortiIsolator | |
| FortiDeceptor | |
| FortiEDR |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2019-11-28 | 73.40600 | Sig Updated |