Worm:SymbOS/Corrior.B is a detection for a worm that affects mobile devices running the Symbian operating system (SymbOS) and spreads via MMS (Multimedia Messaging Service) and Bluetooth.
Installation
Worm:SymbOS/Corrior.B may arrive as a .sis installation package. Once installed, it may be installed as the following files:
Worm:SymbOS/Corrior.B also copies its components as follows:
Payload
Sends messages to remote devices
Worm:SymbOS/Corrior.B tries to search for nearby phones using Bluetooth and to send the installation package (c:\system\updates\commw.sis) to a remote device with a random name.
Worm:SymbOS/Corrior.B tries to attach the installation package (c:\system\updates\commw.sis) to an MMS, which contains one of the following subject and body text pairs, and send it to numbers found in the address book:
Subject: Norton AntiVirus
Body: Released now for mobile, install it!
Subject: Dr.Web
Body: New Dr.Web antivirus for Symbian OS. Try it!
Subject: MatrixRemover
Body: Matrix has you. Remove matrix!
Subject: 3DGame
Body: 3DGame from me. It is FREE !
Subject: MS-DOS
Body: MS-DOS emulator for SymbvianOS. Nokia series 60 only. Try it!
Subject: PocketPCemu
Body: PocketPC *REAL* emulator for Symbvian OS! Nokia only.
Subject: Nokia ringtoner
Body: Nokia RingtoneManager for all models.
Subject: Security update #12
Body: Significant security update. See www.symbian.com
Subject: Display driver
Body: Real True Color mobile display driver!
Subject: Audio driver
Body: Live3D driver with polyphonic virtual speakers!
Subject: Symbian security update
Body: See security news at www.symbian.com
Subject: SymbianOS update
Body: OS service pack #1 from Symbian inc.
Subject: Happy Birthday!
Body: Happy Birthday! It is present for you!
Subject: Free SEX!
Body: Free *SEX* software for you!
Subject: Virtual SEX
Body: Virtual SEX mobile engine from Russian hackers!
Subject: Porno images
Body: Porno images collection with nice viewer!
Subject: Internet Accelerator
Body: Internet accelerator, SSL security update #7.
Subject: WWW Cracker
Body: Helps to *CRACK* WWW sites like hotmail.com
Subject: Internet Cracker
Body: It is *EASY* to *CRACK* provider accounts!
Subject: PowerSave Inspector
Body: Save you battery and *MONEY*!
Subject: 3DNow!
Body: 3DNow!(tm) mobile emulator for *GAMES*.
Subject: Desktop manager
Body: Official Symbian desctop manager.
Subject: CheckDisk
Body: *FREE* CheckDisk for SymbianOS released!
Subject: MobiComm
Body: Mobile communications inspector. Try it!
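The lure pairs above can be turned into a triage check for MMS records. The following is an added example, not part of the original analysis or any vendor signature; the record layout (subject, body, attachments), the function names and the sample records are assumptions, and only a subset of the listed pairs is included.

```python
import re

# Subset of the subject/body lure pairs listed above (copied from this page).
LURES = {
    "Norton AntiVirus": "Released now for mobile, install it!",
    "Security update #12": "Significant security update. See www.symbian.com",
    "Symbian security update": "See security news at www.symbian.com",
    "SymbianOS update": "OS service pack #1 from Symbian inc.",
    "Happy Birthday!": "Happy Birthday! It is present for you!",
}

def norm(text):
    """Lower-case, drop emphasis asterisks, collapse whitespace."""
    return re.sub(r"\s+", " ", text.replace("*", "")).strip().lower()

_NORM_LURES = {norm(s): norm(b) for s, b in LURES.items()}

def classify(msg):
    """Return 'match', 'suspect' or 'clean' for one MMS record.

    msg is a dict with 'subject', 'body' and 'attachments' (file names);
    this record layout is an assumption of the example.
    """
    subject, body = norm(msg.get("subject", "")), norm(msg.get("body", ""))
    has_sis = any(n.lower().endswith(".sis") for n in msg.get("attachments", []))
    subject_hit = subject in _NORM_LURES
    pair_hit = subject_hit and _NORM_LURES[subject] == body
    if has_sis and pair_hit:
        return "match"      # full lure pair plus a Symbian installer attached
    if has_sis and (subject_hit or body in _NORM_LURES.values()):
        return "suspect"    # installer with only half of a known pair
    return "clean"

# Constructed sample records, not taken from real traffic.
SAMPLES = [
    {"subject": "norton  antivirus", "body": "Released now for mobile, install it!",
     "attachments": ["commw.sis"]},
    {"subject": "Happy Birthday!", "body": "See you at 8", "attachments": ["card.SIS"]},
    {"subject": "Happy Birthday!", "body": "Happy Birthday! It is present for you!",
     "attachments": ["photo.jpg"]},
]

def triage(records):
    """Classify each record in order."""
    return [classify(r) for r in records]

if __name__ == "__main__":
    print(triage(SAMPLES))
```

Requiring the .sis attachment keeps ordinary messages that happen to reuse a subject such as "Happy Birthday!" out of the results.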
Analysis by Shawn Wang