This new Symbian malware is similar to other Symbian malware in that it overwrites normal files on the system in order to destroy them. However, it has a particularly interesting characteristic: it attempts to spread infection to a computer running Windows. It does this by dropping these 4 files onto the E: drive (which is the memory card):
fsb.exe – BKDR_BERBEW.Q
buburuz.ICO – Icon file for the memory card
autorun.inf – file used to automatically execute fsb.exe
SYSTEM.exe – WORM_WUKILL.B
Thus, when the memory card is inserted into a Windows computer, the file autorun.inf will attempt to execute fsb.exe. Also, the file SYSTEM.exe may not have an automatic startup routine, but since it has the icon of a folder, this could be executed by an unsuspecting user who wants to open this “folder”.
Note: This malware will be detected as SYMBOS_CARDTRP.A
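The Windows-side behaviour described above can be checked on a mounted card before anyone opens it in Explorer. The following is an added example, not code from the original post: it parses the card's autorun.inf for entries that launch a program and lists executables sitting in the volume root, which also surfaces a folder-icon file such as SYSTEM.exe. The sample autorun.inf is constructed, since the post does not reproduce the file's contents, and the function names are hypothetical.

```python
import re
import sys
from pathlib import Path

# [autorun] keys that make Windows launch a program from the volume.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
EXEC_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}

# Constructed sample; the post does not reproduce the real autorun.inf.
SAMPLE_AUTORUN = "[AutoRun]\nOpen=fsb.exe\nicon=buburuz.ICO\n"

def parse_autorun(text):
    """Return (key, program) pairs from [autorun] entries that launch a program."""
    in_section, hits = False, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        key, sep, value = line.partition("=")
        if in_section and sep and LAUNCH_KEY.match(key.strip()):
            # Program is the first token; a quoted path may contain spaces.
            m = re.match(r'"([^"]+)"|(\S+)', value.strip())
            if m:
                hits.append((key.strip().lower(), m.group(1) or m.group(2)))
    return hits

def scan_volume(root):
    """List autorun launch entries and executables in the root of a mounted card."""
    files = {p.name.lower(): p for p in Path(root).iterdir() if p.is_file()}
    findings = []
    if "autorun.inf" in files:
        text = files["autorun.inf"].read_text(errors="replace")
        for key, program in parse_autorun(text):
            findings.append(f"autorun.inf: {key} launches {program}")
    for name in sorted(files):
        if files[name].suffix.lower() in EXEC_EXT:
            findings.append(f"executable in volume root: {files[name].name}")
    return findings

if __name__ == "__main__":
    for finding in scan_volume(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(finding)
```

Run it with the card's mount point as the only argument; it reads file names and the text of autorun.inf only and never executes anything on the card.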
Dropped Files
- E:\DOCUME~1\Bim\LOCALS~1\Temp\MKS0\CARIBE.SIS – already detected as SymbOS_CABIR.A
- E:\SYSTEM.exe – already detected as WORM_WUKILL.B
- E:\fsb.exe – already detected as BKDR_BERBEW.Q
Update
Previously, we defined a “blended threat” as a Windows worm that spreads via multiple propagation vectors such as email, IM, network shares and application vulnerabilities, and/or a worm that has the capabilities of other malware such as file infectors, backdoor trojans or even spyware.
Now we may be seeing a slightly new implementation of what a “blended threat” is, or could be in the near future – a mobile malware that has the capability to affect the Windows platform! Ergo, let the battle cry linger on – let’s continue to be vigilant!
As Raimund Genes, Trend Micro Chief Technologist Anti-Malware, has said: “As mobile threats continue to evolve, it’s likely that we will see further attacks similar to this, but utilizing more robust propagation techniques and therefore carrying a higher potential for infection.”