Effects
ComWar.A carries out the following actions in cellphones running the operating system Symbian series 60:
- If it is run within the first hour of the 14th of any month, it resets the cellphone.
- It randomly displays any of the following messages:
CommWarrior v1.0 (c) 2005 by e10d0r
CommWarrior is freeware product. You may freely distribute it in it's original unmodified form.
OTMOP03KAM HET!
Infection strategy
ComWar.A creates the following files when it is installed:
- COMMWARRIOR.EXE and COMMREC.MDL in the directory C:\ SYSTEM\ APPS\ COMMWARRIOR.
- COMMREC in the directory C:\ SYSTEM\ RECOGS.
Once it is run, ComWar.A creates the following files in the directory C:\SYSTEM\UPDATES:
- COMMREC.MDL.
- COMMWARRIOR.EXE.
- COMMW.SIS.
Means of transmission
ComWar.A spreads via BlueTooth and through MMS messages.
Keep in mind that ComWar.A needs the user intervention in order to be run on the cellphone. Before the malicious file is installed, the user receives a security warning.
1.- Transmission via Bluetooth.
Bluetooth is a technology that allows to create wireless connections of electronic devices. ComWar.A follows the routine below in order to use this technology:
- Once it has affected a device, ComWar.A starts searching for other devices with Bluetooth technology built-in, in order to spread to them.
- ComWar.A sends a copy of itself with a random name to the Bluetooth devices it has found.
- ComWar.A repeats this scheme once per minute.
2.- Transmission through MMS messages.
MMS (Multimedia Message Service) is a method of transmitting multimedia files, such as graphics, text messages, video clips, etc. over wireless networks, using the WAP protocol.
In order to spread using MMS messages, ComWar.A follows the routine below:
It reaches the cellphone in a message with variable characteristics:
Message 1:
Subject: Norton AntiVirus
Message: Released now for mobile, install it!
Message 2:
Subject: Dr.Web
Message: New Dr.Web antivirus for Symbian OS. Try it!
Message 3:
Subject: MatrixRemover
Message: Matrix has you. Remove matrix!
Message 4:
Subject: 3DGame
Message: 3DGame from me. It is FREE !
Message 5:
Subject: MS-DOS
Message: MS-DOS emulator for SymbvianOS. Nokia series 60 only. Try it!
Message 6:
Subject: PocketPCemu
Message: PocketPC *REAL* emulator for Symbvian OS! Nokia only.
Message 7:
Subject: Nokia ringtoner
Message: Nokia RingtoneManager for all models.
Message 8:
Subject: Security update #12
Message: Significant security update. See www.symbian.com
Message 9:
Subject: Display driver
Message: Real True Color mobile display driver!
Message 10:
Subject: Audio driver
Message: Live3D driver with polyphonic virtual speakers!
Message 11:
Subject: Symbian security update
Message: See security news at www.symbian.com
Message 12:
Subject: SymbianOS update
Message: OS service pack #1 from Symbian inc.
Message 13:
Subject: Happy Birthday!
Message: Happy Birthday! It is present for you!
Message 14:
Subject: Free SEX!
Message: Free *SEX* software for you!
Message 15:
Subject: Virtual SEX
Message: Virtual SEX mobile engine from Russian hackers!
Message 16:
Subject: Porno images
Message: Porno images collection with nice viewer!
Message 17:
Subject: Internet Accelerator
Message: Internet accelerator, SSL security update #7.
Message 18:
Subject: WWW Cracker
Message: Helps to *CRACK* WWW sites like hotmail.com
Message 19:
Subject: Internet Cracker
Message: It is *EASY* to *CRACK* provider accounts!
Message 20:
Subject: PowerSave Inspector
Message: Save you battery and *MONEY*!
Message 21:
Subject: 3DNow!
Message: 3DNow!(tm) mobile emulator for *GAMES*.
Message 22:
Subject: Desktop manager
Message: Official Symbian desctop manager.
Message 23:
Subject: CheckDisk
Message: *FREE* CheckDisk for SymbianOS released!MobiComm, Mobile communications inspector. Try it!
- All of these messages include a SIS file with a random name, which contains the code of ComWar.A.
- Once it is installed and run, ComWar.A sends a copy of that SIS file to all the entries in the Address Book of the Symbian device.
Further Details
ComWar.A is approximately 27 Kbytes in size.
>>