HOME > VIRUS ALERTS


VIRUS ALERTS

SYMBOS_BESELO Worm

Original issue date: January 24, 2008

It has been reported that mobile phone worm SYMBOS_BESELO.A is spreading in the wild. This worm is infecting Symbian S60 enabled devices which include Nokia 6600, 6630, 6680, 7610, N70 and N72 handsets.

This malware spreads through Bluetooth and multimedia (MMS) messages. Malware pretend to be a multimedia file with extensions such as .mp3, .jpg, .rm and persuade users into installing itself on their phones.

After installation this worm harvests all the phone numbers from phone's contact list and sends them malicious MMS carrying a SIS-packed (Symbian Installation Source) version of worm. It also sends malicious MMS to phone numbers generated by it.

Upon execution , this Worm :

  • Drops copy of itself on the system with random name.
  • Drops some non malicious files with random names and extensions such as .dat, .ini.
  • Creates following files on the infected system:
    • C:\System\Apps\dxxnnnr.exe
    • C:\System\Apps\dxxnnnr.sis
    • C:\System\Data\dxxnnnr.dat
    • C:\System\Data\dxxnnnr.exe
    • C:\System\Install\DVLMPPI.SIS
    • C:\System\recogs\dxxn.mdl
    • E:\system\Apps\dxxnnnr.exe
    • E:\system\recogs\dxxn.mdl.
  • Creates MMS message with an attached copy of .SIS installer. MMS message contains the a copy of malware with names:
    • beauty.jpg
    • love.rm
    • sex.mp3
      above mentioned files can also spread through Bluetooth.

Users are advised to implement the following countermeasures:

  • Use caution when accepting incoming files via MMS and Bluetooth.
  • Do not opt for the installation option for the multimedia files.
  • Secure Bluetooth connections to prevent access from unauthorized devices.
  • Keep up to date anti virus on mobile phones.

References:

http://www.us-cert.gov/current/#symbianos_worm

http://www.computerworld.com/action/article.do?command
=viewArticleBasic&articleId=9058330&source=rss_topic17

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003