a lot of people fret over mobile phone viruses, perhaps as an outcome of their experience with computer viruses, but u really neednt worry except if u engage in unrestrained file exchange over bluetooth. ive only had 2 infections by commwarrior and caribe. phone viruses are not as common as their pc counterparts and do not creep into your system as pc viruses do. the most common symbian phone virus is commwarrior (with variants of a, b and c) and is really more of a worm that replicates via bluetooth and MMS.
COMMWARRIOR
once it infects a phone, it copies its executable bits into
\system\apps\CommWarrior\commwarrior.exe and
\system\apps\CommWarrior\commrec.mdl
of course u know .exe is the actual program. all i know about .mdl is that it is some unknown Symbian OS MIME Type Library, unknown because as far as i know symbian OS apps use .dll lib types. anyway When the commwarrior.exe is executed it copies the following files:
\system\updates\commrec.mdl
\system\updates\commwarrior.exe
And rebuilds its SIS file to:
\system\updates\commw.sis
immediately it creates this SIS file commwarrior will read the local fonebook and try to send copies of itself through MMS only from 00:00 to 06:59, based on the phone's own clock. all this is done in the background without u bin much aware of it and when i was infected i cldnt figure out at first why my credits kept draining until much later when i did a little research. in its attempt to replicate via MMS commwarrior will try to send infected files by posing as multimedia content usually with the filename commw.sis or commwr.sis. the worm itself (of course, depending on the variant; i was infected by commwarrior A) contains the text CommWarrior v1.0 (c) 2005 by e10d0r
ATMOS03KAMA HET! where ATMOS03KAMA HET is Russian and can mean "no to braindeads", whatever that means. in trying to replicate via bluetooth the worm will automatically search for any nearby bluetooth fones and attempt to send copies of itself so next time u get a beep and a notifier that do u want to receive an incoming transfer from phone X, just reject and switch off your BT. so how do u remove the worm should u ever get infected? well some people try to erase its files with fileexplorer but its a wasted effort because just like Brontok in PC u may remove the main files but it still leaves fragments that persist as either threads or processes. the best remedy (for me anyway) is FSecure's AntiCommWarrior application which u can get from
www.aivanet.com
as a precaution if u see the following "offers" on your phone, REJECT because its commwarrior:
MatrixRemover
Matrix has you. Remove matrix!
3DGame
3DGame from me. It is FREE !
MS-DOS
MS-DOS emulator for SymbvianOS. Nokia series 60 only. Try it!
PocketPCemu
PocketPC *REAL* emulator for Symbvian OS! Nokia only.
Nokia ringtoner
Nokia RingtoneManager for all models.
Security update #12
Significant security update. See www.symbian.com
Display driver
Real True Color mobile display driver!
Audio driver
Live3D driver with polyphonic virtual speakers!
Symbian security update
See security news at www.symbian.com
SymbianOS update
OS service pack #1 from Symbian inc.
Happy Birthday!
Happy Birthday! It is present for you!
Free SEX!
Free *SEX* software for you!
Virtual SEX
Virtual SEX mobile engine from Russian hackers!
Porno images
Porno images collection with nice viewer!
Internet Accelerator
Internet accelerator, SSL security update #7.
WWW Cracker
Helps to *CRACK* WWW sites like hotmail.com
Internet Cracker
It is *EASY* to *CRACK* provider accounts!
PowerSave Inspector
Save you battery and *MONEY*!
3DNow!
3DNow!(tm) mobile emulator for *GAMES*.
Desktop manager
Official Symbian desctop manager.
CheckDisk
*FREE* CheckDisk for SymbianOS released!MobiComm
Norton AntiVirus
Released now for mobile, install it!
Dr.Web
New Dr.Web antivirus for Symbian OS. Try it!
CARIBE
caribe/cabir is also a worm that spreads via bluetooth, but unlike commwarrior it doesnt replicate via MMS and is more of a Proof-of-Concept nuisance than genuine malware. what it does is lock onto any nearby bluetooth and send itself and also lock that bluetooth from connecting with other phones even if the infected phone is out of range. but it can achieve this ONLY if the target bluetooth is in discoverable mode. symantec's mobile definition takes care of it but leaves behind some signature files which u may have to manually remove yourself by deleting the following directory
c:\system\symbiansecuredata\caribesecuritymanager\
a friend whose phone was infected actually had to let go of it because he used wrong virus definitions and found that the worm still persisted. in my experience i find simworks' antivirus the best as it completely removes caribe/cabir. also, caribe rapidly drains batteries leading to constant recharge almost every thirty minutes.
there are other viruses but i havent had time to check on them because really viruses arent that dangerous or common EXCEPT as said earlier u constantly swap files without taking much heed of the source. theres something called Skulls and Bones or somesuch and is particularly malicious and the problem is u can't really find CONCISE info on the web about them. i should also tell u that theres a trojan called DOOMBOOT-A that loads a variant of Commwarrior (commwarrior B i think, or maybe C, doesnt work with A). once it loads (and u are never aware of the actual installation) doomboot prevents your phone from booting while the commwarrior worm rapidly drains your batteries so u got like an hour at most to figure whats wrong and disinfect your phone once u notice your batteries draining or u may not be able to boot up again. this is known as a COCKTAIL kind of infection as it involves a trojan and a worm. Doomboot usually disguises itself as a bootlegged copy of Doom2 (though someone told me it also comes as 3D mini golf). however its rare.
so the bottom line is: don't download stuff randomly or from "WAREZ" sites as such warez are rife with all sorts of viruses. its best to download from sites that require registration (always free) because its members that upload stuff and post download links and once a file is infected definitely someone will post an alert in the members forum. if u are downloading via wap try wapain.net or wapain.co.uk because every app is prefaced with user comments so if its a virus u'll know before downloading. on the Net i find www.aivanet.com to be the best. so u can join. also, if u get to aivanet download and install FSecure's Anticommwarrior and AntiCabir definitions. u should also install simwork's or kaspersky's antiviral apps. but the best prevention method is to always switch off your bluetooth, accept transfers only from legit sources and try to avoid warez sites. hope this has helped. cheers!
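Added example, not part of the original post: a Python check that takes a file listing exported from a phone and a log of sent MMS messages, and flags the Commwarrior and Caribe paths and the commw.sis / commwr.sis attachment names mentioned above. The function names, the listing format and the sample data are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Paths named in the post, lower-cased, drive letter removed.
COMMWARRIOR_FILES = {
    "\\system\\apps\\commwarrior\\commwarrior.exe",
    "\\system\\apps\\commwarrior\\commrec.mdl",
    "\\system\\updates\\commrec.mdl",
    "\\system\\updates\\commwarrior.exe",
    "\\system\\updates\\commw.sis",
}
CARIBE_DIR = "\\system\\symbiansecuredata\\caribesecuritymanager"
MMS_NAMES = {"commw.sis", "commwr.sis"}

def normalise(path):
    """Lower-case, unify slashes, collapse repeats, drop a drive letter."""
    p = path.strip().replace("/", "\\").lower()
    p = re.sub(r"^[a-z]:", "", p)
    return re.sub(r"\\+", r"\\", p)

def scan_paths(paths):
    """Return (original path, family) for every listed artefact found."""
    hits = []
    for raw in paths:
        p = normalise(raw)
        if p in COMMWARRIOR_FILES:
            hits.append((raw, "Commwarrior"))
        elif p == CARIBE_DIR or p.startswith(CARIBE_DIR + "\\"):
            hits.append((raw, "Caribe/Cabir"))
    return hits

def suspicious_mms(log):
    """Flag sent MMS by attachment name; note if inside 00:00-06:59."""
    out = []
    for ts, name in log:  # ts is an ISO timestamp by the phone's clock
        if name.lower() in MMS_NAMES:
            in_window = 0 <= datetime.fromisoformat(ts).hour <= 6
            out.append((ts, name, in_window))
    return out

# Constructed sample data (not taken from a real phone).
SAMPLE_LISTING = ["C:\\System\\Apps\\CommWarrior\\commwarrior.exe",
                  "c:/system/updates/commw.sis",
                  "C:\\System\\Apps\\Camera\\Camera.app",
                  "c:\\system\\symbiansecuredata\\caribesecuritymanager\\leftover.dat"]
SAMPLE_MMS = [("2005-03-10T02:14:00", "commw.sis"),
              ("2005-03-10T14:30:00", "holiday.jpg"),
              ("2005-03-10T06:59:00", "COMMWR.SIS"),
              ("2005-03-10T12:00:00", "commw.sis")]

if __name__ == "__main__":
    print(scan_paths(SAMPLE_LISTING))
    print(suspicious_mms(SAMPLE_MMS))
```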