Symb/Mabir-A

Category: Viruses and Spyware Protection available since:29 Aug 2006 00:00:00 (GMT)
Type: Symbian bluetooth worm Last Updated:12 Apr 2007 00:00:00 (GMT)
Prevalence: No Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Symb/Mabir-A is a worm written specifically for the Nokia Series 60 mobile phones running the Symbian operating system.

The worm attempts to spread to bluetooth-enabled devices or via MMS (Multimedia Message Service) as a Symbian SIS package named caribe.sis or info.sis. The package contains components which are extracted to the following locations:

.\system\apps\caribe.app
.\system\apps\caribe.rsc
.\system\apps\flo.mdl
.\system\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\caribe.app
.\system\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\caribe.rsc
.\system\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\flo.mdl
.\system\RECOGS\flo.mdl

The package may also be found at the following locations:

.\system\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\caribe.sis
.\system\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\info.sis

Flo.mdl is a DLL that uses the EZBoot mechanism to attempt to launch caribe.app when the device is powered on.

Caribe.app contains the functionality to spread the worm.

Caribe.rsc is an innocuous file which can simply be deleted.

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy