Welcome to the GSM-Forum forums. |
You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today!
If you have any problems with the registration process or your account login, please contact contact us.
|Nokia Multimedia No Unlocking or Flashing Programs here, this section for Ringtones, Wallpaper and other media Files and Windows/Java/Symbian games and applications.|
| ||LinkBack||Thread Tools||Display Modes|
|08-07-2005, 18:06||#1 (permalink)|
Join Date: Feb 2005
Thanked 5 Times in 5 Posts
Info: Everything You Need To Know About Mobile Viruses!! Read On and Comment
Cabir is a bluetooth using worm that runs in Symbian mobile phones that support Series 60 platform.
Cabir *******tes over bluetooth connections and arrives to phone messaging inbox as caribe.sis file what contains the worm. When user clicks the caribe.sis and chooses to install the Caribe.sis file the worm activates and starts looking for new devices to infect over bluetooth.
When Cabir worm finds another bluetooth device it willstart sending infected SIS files to it, and lock to that phone so that it won't look other phones even when the target moves out of range.
Please note that Cabir worm can reach only mobile phones that support bluetooth, and are in discoverable mode.
Setting you phone into non-discoverable (hidden) Bluetooth mode will protect your phone from Cabir worm.
But once the phone is infected it will try to infect other systems even as user tries to disable bluetooth from system settings.
Cabir.B is a minor variant of Cabir.A the only significant difference is that the Cabir.B displays different text on the start dialog when worm starts the first time or phone reboots.
Cabir.A displays text "Caribe-VZ/29a" while Cabir.B displays text that contains just "Caribe".
There is also repacked version of Cabir.B that is packed into SIS file, which installs the worm into different directory and shows text popup at SIS install. But this is not a new variant as worm executables are fully identical to original Cabir.B and all differences are due to settings in the repacked SIS file.
Cabir.C is a minor variant of Cabir.B the only significant differences are that the Cabir.C displays different text on the start dialog when worm starts and that the Cabir.C spreads as MYTITI.SIS instead of Cabir.SIS.
Cabir.C displays text "Mytiti" while Cabir.B displays text that contains just "Caribe".
Cabir.D is a minor variant of Cabir.B the only significant differences are that the Cabir.D displays different text on the start dialog when worm starts and that the Cabir.D spreads as [YUAN].SIS instead of Cabir.SIS.
Cabir.D displays text "[YUAN]" while Cabir.B displays text that contains just "Caribe".
Cabir.E is a minor variant of Cabir.B the only significant differences are that the Cabir.E displays different text on the start dialog when worm starts and that the Cabir.E spreads as Ni&Ai-.SIS instead of Cabir.SIS.
Cabir.E displays text "Ni&Ai-" while Cabir.B displays text that contains just "Caribe".
Cabir.Dropper is Symbian installation file that will install Cabir.B, Cabir.C and Cabir.D into the device and disables the Bluetooth control application. The original version of Cabir.Dropper is named Norton AntiVirus 2004 Professional.sis (WATCH OUT FOR THIS GUYZ!)
The Cabir.Dropper installs different Cabir variants into several places in the device file system. Some of the installed Cabirs replace common third party applications so that if user has one of those applications installed into system it gets replaced with Cabir.D and it's Icon in the menu will go blank.
If user clicks on one of the replaced icons in the menu, the Cabir.D that has replaced that application will start and try to spread to other devices. If Cabir.D starts it will spread as Cabir.D ([YUAN].SIS) without other Cabir variants or Cabir.Dropper.
The Cabir.Dropper will also install autostart component that tries to automatically start Cabir.D upon system reboot, but fails as the autostart component points into directory that is not installed on the device.
Skulls is a malicious SIS file trojan that will replace the system applications with non-functional versions, so that all but the phone functionality will be disabled.
The Skulls SIS file is named "Extended theme.SIS", it claims to be theme manager for Nokia 7610 smart phone, written by "Tee-222".
If Skulls is installed it will cause all application icons to be replaced with picture of skull and cross bones, and the icons don't refer to the actual applications any more so none of the Phone System applications will be able to start.
This basically means that if Skulls is installed only the calling from the phone and answering calls works. All functions which need some system application, such as SMS and MMS messaging, web browsing and camera no longer function.
If you have installed Skulls, the most important thing is not to reboot the phone and follow the disinfection instruction in this description.
Skulls.B is a variant of SymbOS/Skulls.A trojan, which has similar functionality to the Skulls.A but uses different files.
Skulls.B is a malicious SIS file trojan that will replace the system applications with non-functional versions and drops SymbOS/Cabir.B worm in to the phone.
The Cabir dropped by Skulls.B does not activate automatically, but if user goes to the cabir icon in the phone menu and runs Cabir from there. The Cabir.B will activate and try to infect other phones.
The Original Skulls.B SIS file is named "Icons.SIS". Unlike Skulls.A, the Skulls.B variant does not show any pop-up messages during install (except the "Installation security warning - unable to verify supplier" message shown by the operating system).
The Skulls.B replaces standard application icons with generic application icon instead of skull and cross bones like Skulls.A did.
If Skulls.B is installed only the calling from the phone and answering calls works. All functions which need some system application, such as SMS and MMS messaging, web browsing and camera no longer function. And in addition of applications being disabled the phone is also infected with Cabir.B, which fortunately, is not able to activate automatically.
If you have installed Skulls.B, the most important thing is not to reboot the phone and follow the disinfection instruction in this description.
This Trojan on a phone is a cracked version of the Mosquitos game, which runs on phones using the Symbian Series 60 Platform.
It is obtained by downloading a copy of the game from the Internet or through peer-to-peer networks.
It sends an SMS message to specific premium rate numbers and can charge affected users for the sent messages. Apparently, the affected numbers are from the United Kingdom (UK), Germany, Netherlands, and Switzerland regions only.
Unlike worms, it does not spread itself to other contacts in the phone.
|08-08-2005, 14:22||#6 (permalink)|
Join Date: Feb 2005
Thanked 5 Times in 5 Posts
lets make this thread a very informative thread ...lets try also to upload some applications that will help our mobile free from viruses...anyone can upload some anti-virus..thanks
|10-25-2005, 09:38||#7 (permalink)|
Join Date: Oct 2005
Location: perth aust.
Thanked 7 Times in 6 Posts
thanks for the info mike!-I have been given aphone by a customer who seems to have cabir virus-but he believes that handset is sending mms to all his contacts as well.Apprently his fone bill gone up extra $1000 aud.Gets mssgs from random numbers.Is this possible or is just spread via b/tooth.As well as replying here,could you pls send to my email address as well thanks mate??
|10-25-2005, 10:55||#8 (permalink)|
Join Date: Oct 2004
Thanked 1 Time in 1 Post
"virus-but he believes that handset is sending mms to all his contacts as well."
That sounds like CommWarrior, not Cabir. Better get antivirus sw trial and clean it or just format the phone.
|07-26-2006, 10:54||#9 (permalink)|
Join Date: Jul 2006
Thanked 0 Times in 0 Posts
great knowledge you got there.
i always tried to explain what caribe is, but never find the knowledge in words to explain it to my friends.
always wanted to learn stuffs like this.. hope you post more knowledge about phones.
i have caught it once. but i know all the side effects of that virus can do to my phone. i am using NGAGE that time i caught the virus.
first it makes you unable to turn off bluetooth, and always you will be bugged by someone trying to send you a file via bluetooth.
then later you cannot turn off your phone, you can only remove your battery.
then when restart takes a damn long time to respond.
finally the screen occasionally turns blank white.
the way out is to format your phone. series 60 phones have a format software developed by psyloc? its kinda good.
|thread||Thread Starter||Forum||Replies||Last Post|
|The Baby Book: Everything You Need to Know About Your Baby from Birth to Age Two (Rev||IPMART||ipmart WebShop||0||09-30-2009 09:10|
|iPhone Story continues...Everything you need to start iPhone, Touch and iPod business||miliky||Main Sales Section||0||11-05-2007 19:33|
|What you need to know about support bb5 box !!!||Slavonac||Nokia Base Band 5 ( BB-5 )||0||05-22-2007 10:42|
|Absolutely EVERYTHING you need to know about||catamount||Off Topic Zone||1||03-09-2005 03:45|
|All you need to know about 4 locks closed - READ NOW||crusher||Sony Ericsson||1||04-12-2003 00:00|