Info: Everything You Need To Know About Mobile Viruses!! Read On and Comment - GSM-Forum

mikes511 · 08-07-2005, 18:06

Cabir.A

Cabir is a bluetooth using worm that runs in Symbian mobile phones that support Series 60 platform.

Cabir *******tes over bluetooth connections and arrives to phone messaging inbox as caribe.sis file what contains the worm. When user clicks the caribe.sis and chooses to install the Caribe.sis file the worm activates and starts looking for new devices to infect over bluetooth.

When Cabir worm finds another bluetooth device it willstart sending infected SIS files to it, and lock to that phone so that it won't look other phones even when the target moves out of range.

Please note that Cabir worm can reach only mobile phones that support bluetooth, and are in discoverable mode.

Setting you phone into non-discoverable (hidden) Bluetooth mode will protect your phone from Cabir worm.

But once the phone is infected it will try to infect other systems even as user tries to disable bluetooth from system settings.

Cabir.B

Cabir.B is a minor variant of Cabir.A the only significant difference is that the Cabir.B displays different text on the start dialog when worm starts the first time or phone reboots.

Cabir.A displays text "Caribe-VZ/29a" while Cabir.B displays text that contains just "Caribe".

There is also repacked version of Cabir.B that is packed into SIS file, which installs the worm into different directory and shows text popup at SIS install. But this is not a new variant as worm executables are fully identical to original Cabir.B and all differences are due to settings in the repacked SIS file.

Cabir.C

Cabir.C is a minor variant of Cabir.B the only significant differences are that the Cabir.C displays different text on the start dialog when worm starts and that the Cabir.C spreads as MYTITI.SIS instead of Cabir.SIS.

Cabir.C displays text "Mytiti" while Cabir.B displays text that contains just "Caribe".

Cabir.D

Cabir.D is a minor variant of Cabir.B the only significant differences are that the Cabir.D displays different text on the start dialog when worm starts and that the Cabir.D spreads as [YUAN].SIS instead of Cabir.SIS.

Cabir.D displays text "[YUAN]" while Cabir.B displays text that contains just "Caribe".

Cabir.E

Cabir.E is a minor variant of Cabir.B the only significant differences are that the Cabir.E displays different text on the start dialog when worm starts and that the Cabir.E spreads as Ni&Ai-.SIS instead of Cabir.SIS.

Cabir.E displays text "Ni&Ai-" while Cabir.B displays text that contains just "Caribe".

Cabir.Dropper

Cabir.Dropper is Symbian installation file that will install Cabir.B, Cabir.C and Cabir.D into the device and disables the Bluetooth control application. The original version of Cabir.Dropper is named Norton AntiVirus 2004 Professional.sis (WATCH OUT FOR THIS GUYZ!)

The Cabir.Dropper installs different Cabir variants into several places in the device file system. Some of the installed Cabirs replace common third party applications so that if user has one of those applications installed into system it gets replaced with Cabir.D and it's Icon in the menu will go blank.

If user clicks on one of the replaced icons in the menu, the Cabir.D that has replaced that application will start and try to spread to other devices. If Cabir.D starts it will spread as Cabir.D ([YUAN].SIS) without other Cabir variants or Cabir.Dropper.

The Cabir.Dropper will also install autostart component that tries to automatically start Cabir.D upon system reboot, but fails as the autostart component points into directory that is not installed on the device.

Skulls.A

Skulls is a malicious SIS file trojan that will replace the system applications with non-functional versions, so that all but the phone functionality will be disabled.

The Skulls SIS file is named "Extended theme.SIS", it claims to be theme manager for Nokia 7610 smart phone, written by "Tee-222".

If Skulls is installed it will cause all application icons to be replaced with picture of skull and cross bones, and the icons don't refer to the actual applications any more so none of the Phone System applications will be able to start.

This basically means that if Skulls is installed only the calling from the phone and answering calls works. All functions which need some system application, such as SMS and MMS messaging, web browsing and camera no longer function.

If you have installed Skulls, the most important thing is not to reboot the phone and follow the disinfection instruction in this description.

Skulls.B

Skulls.B is a variant of SymbOS/Skulls.A trojan, which has similar functionality to the Skulls.A but uses different files.

Skulls.B is a malicious SIS file trojan that will replace the system applications with non-functional versions and drops SymbOS/Cabir.B worm in to the phone.

The Cabir dropped by Skulls.B does not activate automatically, but if user goes to the cabir icon in the phone menu and runs Cabir from there. The Cabir.B will activate and try to infect other phones.

The Original Skulls.B SIS file is named "Icons.SIS". Unlike Skulls.A, the Skulls.B variant does not show any pop-up messages during install (except the "Installation security warning - unable to verify supplier" message shown by the operating system).

The Skulls.B replaces standard application icons with generic application icon instead of skull and cross bones like Skulls.A did.

If Skulls.B is installed only the calling from the phone and answering calls works. All functions which need some system application, such as SMS and MMS messaging, web browsing and camera no longer function. And in addition of applications being disabled the phone is also infected with Cabir.B, which fortunately, is not able to activate automatically.

If you have installed Skulls.B, the most important thing is not to reboot the phone and follow the disinfection instruction in this description.

Qdial.A

This Trojan on a phone is a cracked version of the Mosquitos game, which runs on phones using the Symbian Series 60 Platform.

It is obtained by downloading a copy of the game from the Internet or through peer-to-peer networks.

It sends an SMS message to specific premium rate numbers and can charge affected users for the sent messages. Apparently, the affected numbers are from the United Kingdom (UK), Germany, Netherlands, and Switzerland regions only.

Unlike worms, it does not spread itself to other contacts in the phone.

naderhacker · 08-07-2005, 18:54

good work man keep it up

Reko · 08-07-2005, 18:55

Thanks man, that's good info. Now i have 7710 and viruses can't spread to it, or?

Spirit · 08-07-2005, 18:58

Great job !! Let's keep it updated...

Naz66 · 08-08-2005, 12:50

funtastic job bro thanks for sharing

mikes511 · 08-08-2005, 14:22

lets make this thread a very informative thread ...lets try also to upload some applications that will help our mobile free from viruses...anyone can upload some anti-virus..thanks

fonegeeks · 10-25-2005, 09:38

thanks for the info mike!-I have been given aphone by a customer who seems to have cabir virus-but he believes that handset is sending mms to all his contacts as well.Apprently his fone bill gone up extra $1000 aud.Gets mssgs from random numbers.Is this possible or is just spread via b/tooth.As well as replying here,could you pls send to my email address as well thanks mate??

Jan99 · 10-25-2005, 10:55

"virus-but he believes that handset is sending mms to all his contacts as well."

That sounds like CommWarrior, not Cabir. Better get antivirus sw trial and clean it or just format the phone.

thwallochi · 07-26-2006, 10:54

great knowledge you got there.

i always tried to explain what caribe is, but never find the knowledge in words to explain it to my friends.
always wanted to learn stuffs like this.. hope you post more knowledge about phones.

i have caught it once. but i know all the side effects of that virus can do to my phone. i am using NGAGE that time i caught the virus.

first it makes you unable to turn off bluetooth, and always you will be bugged by someone trying to send you a file via bluetooth.

then later you cannot turn off your phone, you can only remove your battery.
then when restart takes a damn long time to respond.
finally the screen occasionally turns blank white.

the way out is to format your phone. series 60 phones have a format software developed by psyloc? its kinda good.

08-07-2005, 18:06	#1 (permalink)
mikes511 Freak Poster Join Date: Feb 2005 Age: 47 Posts: 200 Member: 113930 Status: Offline Thanks Meter: 5	Info: Everything You Need To Know About Mobile Viruses!! Read On and Comment Cabir.A Cabir is a bluetooth using worm that runs in Symbian mobile phones that support Series 60 platform. Cabir *******tes over bluetooth connections and arrives to phone messaging inbox as caribe.sis file what contains the worm. When user clicks the caribe.sis and chooses to install the Caribe.sis file the worm activates and starts looking for new devices to infect over bluetooth. When Cabir worm finds another bluetooth device it willstart sending infected SIS files to it, and lock to that phone so that it won't look other phones even when the target moves out of range. Please note that Cabir worm can reach only mobile phones that support bluetooth, and are in discoverable mode. Setting you phone into non-discoverable (hidden) Bluetooth mode will protect your phone from Cabir worm. But once the phone is infected it will try to infect other systems even as user tries to disable bluetooth from system settings. Cabir.B Cabir.B is a minor variant of Cabir.A the only significant difference is that the Cabir.B displays different text on the start dialog when worm starts the first time or phone reboots. Cabir.A displays text "Caribe-VZ/29a" while Cabir.B displays text that contains just "Caribe". There is also repacked version of Cabir.B that is packed into SIS file, which installs the worm into different directory and shows text popup at SIS install. But this is not a new variant as worm executables are fully identical to original Cabir.B and all differences are due to settings in the repacked SIS file. Cabir.C Cabir.C is a minor variant of Cabir.B the only significant differences are that the Cabir.C displays different text on the start dialog when worm starts and that the Cabir.C spreads as MYTITI.SIS instead of Cabir.SIS. Cabir.C displays text "Mytiti" while Cabir.B displays text that contains just "Caribe". Cabir.D Cabir.D is a minor variant of Cabir.B the only significant differences are that the Cabir.D displays different text on the start dialog when worm starts and that the Cabir.D spreads as [YUAN].SIS instead of Cabir.SIS. Cabir.D displays text "[YUAN]" while Cabir.B displays text that contains just "Caribe". Cabir.E Cabir.E is a minor variant of Cabir.B the only significant differences are that the Cabir.E displays different text on the start dialog when worm starts and that the Cabir.E spreads as Ni&Ai-.SIS instead of Cabir.SIS. Cabir.E displays text "Ni&Ai-" while Cabir.B displays text that contains just "Caribe". Cabir.Dropper Cabir.Dropper is Symbian installation file that will install Cabir.B, Cabir.C and Cabir.D into the device and disables the Bluetooth control application. The original version of Cabir.Dropper is named Norton AntiVirus 2004 Professional.sis (WATCH OUT FOR THIS GUYZ!) The Cabir.Dropper installs different Cabir variants into several places in the device file system. Some of the installed Cabirs replace common third party applications so that if user has one of those applications installed into system it gets replaced with Cabir.D and it's Icon in the menu will go blank. If user clicks on one of the replaced icons in the menu, the Cabir.D that has replaced that application will start and try to spread to other devices. If Cabir.D starts it will spread as Cabir.D ([YUAN].SIS) without other Cabir variants or Cabir.Dropper. The Cabir.Dropper will also install autostart component that tries to automatically start Cabir.D upon system reboot, but fails as the autostart component points into directory that is not installed on the device. Skulls.A Skulls is a malicious SIS file trojan that will replace the system applications with non-functional versions, so that all but the phone functionality will be disabled. The Skulls SIS file is named "Extended theme.SIS", it claims to be theme manager for Nokia 7610 smart phone, written by "Tee-222". If Skulls is installed it will cause all application icons to be replaced with picture of skull and cross bones, and the icons don't refer to the actual applications any more so none of the Phone System applications will be able to start. This basically means that if Skulls is installed only the calling from the phone and answering calls works. All functions which need some system application, such as SMS and MMS messaging, web browsing and camera no longer function. If you have installed Skulls, the most important thing is not to reboot the phone and follow the disinfection instruction in this description. Skulls.B Skulls.B is a variant of SymbOS/Skulls.A trojan, which has similar functionality to the Skulls.A but uses different files. Skulls.B is a malicious SIS file trojan that will replace the system applications with non-functional versions and drops SymbOS/Cabir.B worm in to the phone. The Cabir dropped by Skulls.B does not activate automatically, but if user goes to the cabir icon in the phone menu and runs Cabir from there. The Cabir.B will activate and try to infect other phones. The Original Skulls.B SIS file is named "Icons.SIS". Unlike Skulls.A, the Skulls.B variant does not show any pop-up messages during install (except the "Installation security warning - unable to verify supplier" message shown by the operating system). The Skulls.B replaces standard application icons with generic application icon instead of skull and cross bones like Skulls.A did. If Skulls.B is installed only the calling from the phone and answering calls works. All functions which need some system application, such as SMS and MMS messaging, web browsing and camera no longer function. And in addition of applications being disabled the phone is also infected with Cabir.B, which fortunately, is not able to activate automatically. If you have installed Skulls.B, the most important thing is not to reboot the phone and follow the disinfection instruction in this description. Qdial.A This Trojan on a phone is a cracked version of the Mosquitos game, which runs on phones using the Symbian Series 60 Platform. It is obtained by downloading a copy of the game from the Internet or through peer-to-peer networks. It sends an SMS message to specific premium rate numbers and can charge affected users for the sent messages. Apparently, the affected numbers are from the United Kingdom (UK), Germany, Netherlands, and Switzerland regions only. Unlike worms, it does not spread itself to other contacts in the phone.

10-25-2005, 09:38	#7 (permalink)
fonegeeks Freak Poster Join Date: Oct 2005 Location: perth aust. Posts: 125 Member: 188959 Status: Offline Thanks Meter: 7	cabir virus thanks for the info mike!-I have been given aphone by a customer who seems to have cabir virus-but he believes that handset is sending mms to all his contacts as well.Apprently his fone bill gone up extra $1000 aud.Gets mssgs from random numbers.Is this possible or is just spread via b/tooth.As well as replying here,could you pls send to my email address as well thanks mate??

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
The Baby Book: Everything You Need to Know About Your Baby from Birth to Age Two (Rev	IPMART	ipmart WebShop	0	09-30-2009 09:10
iPhone Story continues...Everything you need to start iPhone, Touch and iPod business	miliky	Main Sales Section	0	11-05-2007 20:33
What you need to know about support bb5 box !!!	Slavonac	Nokia Base Band 5 ( BB-5 )	0	05-22-2007 10:42
Absolutely EVERYTHING you need to know about	catamount	Off Topic Zone	1	03-09-2005 04:45
All you need to know about 4 locks closed - READ NOW	crusher	Sony Ericsson	1	04-12-2003 00:00

08-07-2005, 18:54	#2 (permalink)
naderhacker Freak Poster Join Date: Apr 2001 Location: EVRYWERE Posts: 492 Member: 4365 Status: Offline Thanks Meter: 39	good work man keep it up

08-07-2005, 18:55	#3 (permalink)
Reko Freak Poster Join Date: Mar 2005 Location: Finland Age: 32 Posts: 147 Member: 127823 Status: Offline Thanks Meter: 10	Thanks man, that's good info. Now i have 7710 and viruses can't spread to it, or?

08-07-2005, 18:58	#4 (permalink)
Spirit Insane Poster Join Date: Jun 2001 Location: Portugal Posts: 85 Member: 5082 Status: Offline Thanks Meter: 1	Great job !! Let's keep it updated...

08-08-2005, 12:50	#5 (permalink)
Naz66 No Life Poster Join Date: Apr 2005 Age: 37 Posts: 607 Member: 141164 Status: Offline Thanks Meter: 36	funtastic job bro thanks for sharing

08-08-2005, 14:22	#6 (permalink)
mikes511 Freak Poster Join Date: Feb 2005 Age: 47 Posts: 200 Member: 113930 Status: Offline Thanks Meter: 5	lets make this thread a very informative thread ...lets try also to upload some applications that will help our mobile free from viruses...anyone can upload some anti-virus..thanks

10-25-2005, 10:55	#8 (permalink)
Jan99 Freak Poster Join Date: Oct 2004 Age: 50 Posts: 125 Member: 84552 Status: Offline Thanks Meter: 1	"virus-but he believes that handset is sending mms to all his contacts as well." That sounds like CommWarrior, not Cabir. Better get antivirus sw trial and clean it or just format the phone.

07-26-2006, 10:54	#9 (permalink)
thwallochi Junior Member Join Date: Jul 2006 Location: Thailand/malaysia Posts: 31 Member: 306254 Status: Offline Thanks Meter: 0	great knowledge you got there. i always tried to explain what caribe is, but never find the knowledge in words to explain it to my friends. always wanted to learn stuffs like this.. hope you post more knowledge about phones. i have caught it once. but i know all the side effects of that virus can do to my phone. i am using NGAGE that time i caught the virus. first it makes you unable to turn off bluetooth, and always you will be bugged by someone trying to send you a file via bluetooth. then later you cannot turn off your phone, you can only remove your battery. then when restart takes a damn long time to respond. finally the screen occasionally turns blank white. the way out is to format your phone. series 60 phones have a format software developed by psyloc? its kinda good.