Encyclopedia

ComWar.A

 
Threat LevelModerate threatDamageHighDistributionNot widespread

Effects 

ComWar.A carries out the following actions in cellphones running the operating system Symbian series 60:

  • If it is run within the first hour of the 14th of any month, it resets the cellphone.
  • It randomly displays any of the following messages:

    CommWarrior v1.0 (c) 2005 by e10d0r

    CommWarrior is freeware product. You may freely distribute it in it's original unmodified form.

    OTMOP03KAM HET!

Infection strategy 

ComWar.A creates the following files when it is installed:

  • COMMWARRIOR.EXE and COMMREC.MDL in the directory C:\ SYSTEM\ APPS\ COMMWARRIOR.
  • COMMREC in the directory C:\ SYSTEM\ RECOGS.

Once it is run, ComWar.A creates the following files in the directory C:\SYSTEM\UPDATES:

  • COMMREC.MDL.
  • COMMWARRIOR.EXE.
  • COMMW.SIS.

Means of transmission 

ComWar.A spreads via BlueTooth and through MMS messages.

Keep in mind that ComWar.A needs the user intervention in order to be run on the cellphone. Before the malicious file is installed, the user receives a security warning.

 

1.- Transmission via Bluetooth.

Bluetooth is a technology that allows to create wireless connections of electronic devices. ComWar.A follows the routine below in order to use this technology:

  • Once it has affected a device, ComWar.A starts searching for other devices with Bluetooth technology built-in, in order to spread to them.
  • ComWar.A sends a copy of itself with a random name to the Bluetooth devices it has found.
  • ComWar.A repeats this scheme once per minute.

 

2.- Transmission through MMS messages.

MMS (Multimedia Message Service) is a method of transmitting multimedia files, such as graphics, text messages, video clips, etc. over wireless networks, using the WAP protocol.

In order to spread using MMS messages, ComWar.A follows the routine below:

  • It reaches the cellphone in a message with variable characteristics:

    Message 1:
    Subject: Norton AntiVirus
    Message: Released now for mobile, install it!

    Message 2:
    Subject: Dr.Web
    Message: New Dr.Web antivirus for Symbian OS. Try it!

    Message 3:
    Subject: MatrixRemover
    Message: Matrix has you. Remove matrix!

    Message 4:
    Subject: 3DGame
    Message: 3DGame from me. It is FREE !

    Message 5:
    Subject: MS-DOS
    Message: MS-DOS emulator for SymbvianOS. Nokia series 60 only. Try it!

    Message 6:
    Subject: PocketPCemu
    Message: PocketPC *REAL* emulator for Symbvian OS! Nokia only.

    Message 7:
    Subject: Nokia ringtoner
    Message: Nokia RingtoneManager for all models.

    Message 8:
    Subject: Security update #12
    Message: Significant security update. See www.symbian.com

    Message 9:
    Subject: Display driver
    Message: Real True Color mobile display driver!

    Message 10:
    Subject: Audio driver
    Message: Live3D driver with polyphonic virtual speakers!

    Message 11:
    Subject: Symbian security update
    Message: See security news at www.symbian.com

    Message 12:
    Subject: SymbianOS update
    Message: OS service pack #1 from Symbian inc.

    Message 13:
    Subject: Happy Birthday!
    Message: Happy Birthday! It is present for you!

    Message 14:
    Subject: Free SEX!
    Message: Free *SEX* software for you!

    Message 15:
    Subject: Virtual SEX
    Message: Virtual SEX mobile engine from Russian hackers!

    Message 16:
    Subject: Porno images
    Message: Porno images collection with nice viewer!

    Message 17:
    Subject: Internet Accelerator
    Message: Internet accelerator, SSL security update #7.

    Message 18:
    Subject: WWW Cracker
    Message: Helps to *CRACK* WWW sites like hotmail.com

    Message 19:
    Subject: Internet Cracker
    Message: It is *EASY* to *CRACK* provider accounts!

    Message 20:
    Subject: PowerSave Inspector
    Message: Save you battery and *MONEY*!

    Message 21:
    Subject: 3DNow!
    Message: 3DNow!(tm) mobile emulator for *GAMES*.

    Message 22:
    Subject: Desktop manager
    Message: Official Symbian desctop manager.

    Message 23:
    Subject: CheckDisk
    Message: *FREE* CheckDisk for SymbianOS released!MobiComm, Mobile communications inspector. Try it!
  • All of these messages include a SIS file with a random name, which contains the code of ComWar.A.
  • Once it is installed and run, ComWar.A sends a copy of that SIS file to all the entries in the Address Book of the Symbian device.

Further Details  

ComWar.A is approximately 27 Kbytes in size.

Last updated:  04/01/2008 

Virus News

3/10/09.-More than 10 Million Worldwide Were Actively Exposed to Identity Theft in 2008

3/5/09.-Cyber-crooks manipulate Internet searches to sell fake antivirus products

3/2/09.-VideoPlay adware infections grew 400% in February through malicious use of Web 2.0 pages

[+ Noticias]