|
|
|
|
| Virus Encyclopedia |  |
Riskware | |
Alerts | |
Analysis | |
News | |
Glossary | |
Weblog |
 |
| ||||||
|
| ||||||
|
| ||||||
| ||||||||||||
Home / Viruses / Virus Encyclopedia / Malware Descriptions / Network Worms / Internet Worms
Worm.SymbOS.Cabir.dOther versions: .a, .b, .c, .k
This malicious program is a worm which runs under Symbian. The worm itself is a SIS file. The file is 15092 bytes in size. It spreads via Bluetooth.
In order for a device to become infected, the user has to accept the malicious file twice.
When installing, the worm will display the following messages:
During installation, the program will drop the following files to the smartphone:
In order to function, the worm uses functions from the following system libraries: BAFL.DLL BLUETOOTH.DLL CONE.DLL EFSRV.DLL EIKCORE.DLL ESOCK.DLL EUSER.DLL IROBEX.DLL Once the device has been infected, a file called "C:\SYSTEM\SYMBIANSECUREDATA\MYTITISECURITYMANAGER\MYTITI.SIS" is created. It is this file which will be transmitted in order to infect other devices. The worm then scans for accessible devices which have Bluetooth enabled. The worm will choose the first accessible device in the list and attempt to send "MYTITI.SIS" to this device. Apart from its propagation routine, this worm has no malicious payload. However, this worm can cause a device to become unstable due to the presence of the worm file in memory, and the constant scanning for accessible Bluetooth devices.
In order to delete this malicious program, install a file manager application which provides the option to view hidden and system files. Then delete the files listed below. C:\SYSTEM\apps\MYTITI\flo.mdl C:\SYSTEM\apps\MYTITI\MYTITI.app C:\SYSTEM\apps\MYTITI\MYTITI.rsc C:\SYSTEM\SYMBIANSECUREDATA\MYTITISECURITYMANAGER\MYTITI.SIS Once you have done this, reboot the device. | ||||||||||||
Copyright © 1996 - 2009
Kaspersky Lab
Industry-leading Antivirus Software
All rights reserved
Email: webmaster@viruslist.com
