SymbOS.Cardtrp.C – Троян, который запускается на операционной системе Symbian, которая используется в телефонах Nokia 60 серии. Троян устанавливает SymbOS.Mabir, SymbOS.Cabir.B, SymbOS.Lasco.A, SymbOS.Commwarrior.B и отключает несколько приложений на скомпрометированном устройстве.
SymbOS.Cardtrp.C – Троян, который запускается на операционной системе Symbian, которая используется в телефонах Nokia 60 серии. Троян устанавливает SymbOS.Mabir, SymbOS.Cabir.B, SymbOS.Lasco.A, SymbOS.Commwarrior.B и отключает несколько приложений на скомпрометированном устройстве.
При запуске Троян удаляет следующие файлы на скомпрометированном устройстве:
· name=technicaldetails>C:\System\Apps\AD7650\AD7650.App
· C:\System\Apps\About\About.app
· C:\System\Apps\AnswRec\AnswRec.App
· C:\System\Apps\Anti-Virus\Anti-Virus.app
· C:\System\Apps\Anti-Virus\FsAVUpdater.app
· C:\System\Apps\Antivirus\Antivirus.app
· C:\System\Apps\Antivirus\Antivirus.rsc
· C:\System\Apps\AppCtrl\AppCtrl.app
· C:\System\Apps\AppMngr\AppMngr.app
· C:\System\Apps\BlackList\BlackList.App
· C:\System\Apps\BlueJackX\BlueJackX.App
· C:\System\Apps\Browser\Browser.app
· C:\System\Apps\CF\CF.app
· C:\System\Apps\CSHelp\CSHelp.app
· C:\System\Apps\CalcSoft\CalcSoft.app
· C:\System\Apps\Calendar\Calendar.app
· C:\System\Apps\CallManager\CallManager.App
· C:\System\Apps\Camcoder\Camcoder.App
· C:\System\Apps\Camcorder\Camcorder.app
· C:\System\Apps\ClockApp\ClockApp.app
· C:\System\Apps\Composer\Composer.app
· C:\System\Apps\ConnectionMonitorUi\ConnectionMonitorUi.app
· C:\System\Apps\Converter\Converter.app
· C:\System\Apps\Disinfect\Disinfect.app
· C:\System\Apps\IrApp\IrApp.aif
· C:\System\Apps\IrApp\IrApp.app
· C:\System\Apps\NSmlDSSync\NSmlDSSync.app
· C:\System\Apps\Notepad\Notepad.app
· C:\System\Apps\PVPlayer\PVPlayer.App
· C:\System\Apps\PhoneBook\PhoneBook.app
· C:\System\Apps\Phone\FREAKPHONE.APP
· C:\System\Apps\Phone\FREAKPHONE.RSC
· C:\System\Apps\Phone\FREAKPHONE_CAPTION.RSC
· C:\System\Apps\Phone\FreakPhone.aif
· C:\System\Apps\PhotoAlbum\PhotoAlbum.app
· C:\System\Apps\PhotoEditor\PhotoEditor.app
· C:\System\Apps\PhotoSMS\PhotoSMS.App
· C:\System\Apps\PhotoSafe\PhotoSafe.App
· C:\System\Apps\Photographer\Photographer.app
· C:\System\Apps\Pinboard\Pinboard.app
· C:\System\Apps\ProfileApp\ProfileApp.app
· C:\System\Apps\Psln\PSLN.app
· C:\System\Apps\RallyProContest\RallyProContest.App
· C:\System\Apps\RealPlayer\RealPlayer.app
· C:\System\Apps\RingMaster\RingMaster.App
· C:\System\Apps\SatUi\Satui.app
· C:\System\Apps\ScreenCap\ScreenCap.app
· C:\System\Apps\Shell\Shell.App
· C:\System\Apps\Shell\Shell.r159
· C:\System\Apps\Shell\Shell.r31
· C:\System\Apps\SimDir\SimDir.app
· C:\System\Apps\SmartAnswer\SmartAnswer.App
· C:\System\Apps\SmsMachine\SmsMachine.App
· C:\System\Apps\SnakeEx\SnakeEx.app
· C:\System\Apps\Sounder\Sounder.App
· C:\System\Apps\SpeedDial\Speeddial.app
· C:\System\Apps\Startup\Startup.app
· C:\System\Apps\SystemExplorer\SystemExplorer.App
· C:\System\Apps\Todo\Todo.app
· C:\System\Apps\UVSMStyle\UVSMStyle.App
· C:\System\Apps\UltraMP3\UltraMP3.App
· C:\System\Apps\VCommand\VCommand.app
· C:\System\Apps\VM\Vm.app
· C:\System\Apps\Videorecorder\VideoRecorder.app
· C:\System\Apps\Voicerecorder\Voicerecorder.app
· C:\System\Apps\WALLETAVMGMT\WALLETAVMGMT.App
· C:\System\Apps\cabirfix\cabirfix.App
· C:\System\Apps\callcheater\callcheater.app
· C:\System\Apps\camerafx\CameraFX.App
· C:\System\Apps\mmcapp\MMCApp.app
· C:\System\Apps\photoacute\photoacute.App
· C:\System\Apps\restart\restart.App
· C:\System\Apps\sSaver\sSaver.App
И следующие файлы на карте памяти:
· E:\Bugsis.ICO
· E:\CARIBE.Sis, which is a SymbOS.Mabir worm
· E:\ETel.dll
· E:\MMS.exe, which is a SymbOS.Commwarrior.B worm
· E:\System\Apps.com, which is detected as EICAR Test String
· E:\System\Apps\AgileMessenger\AgileMessenger.App
· E:\System\Apps\Camera\Camera.a159
· E:\System\Apps\Camera\Camera.a31
· E:\System\Apps\Camera\Camera.app
· E:\System\Apps\Camera\Camera.r159
· E:\System\Apps\Camera\Camera.r31
· E:\System\Apps\Camera\take_picture.wav
· E:\System\Apps\ControlPanel\ControlPanel.App
· E:\System\Apps\ControlPanel\ControlPanel.a159
· E:\System\Apps\ControlPanel\ControlPanel.a31
· E:\System\Apps\ControlPanel\ControlPanel.r159
· E:\System\Apps\ControlPanel\ControlPanel.r31
· E:\System\Apps\DVDPlayer\DVDPlayer.App
· E:\System\Apps\ETICamcorder\ETICamcorder.App
· E:\System\Apps\ETIMovieAlbum\ETIMovieAlbum.App
· E:\System\Apps\ETIPlayer\ETIPlayer.App
· E:\System\Apps\FExplorer\FExplorer.App
· E:\System\Apps\FMRadio\FMRadio.app
· E:\System\Apps\FSCaller\FSCaller.App
· E:\System\Apps\FSECUREANTIVIRUS\FSECUREANTIVIRUS.app, which is SymbOS.Cabir.B worm
· E:\System\Apps\FSECUREANTIVIRUS\FSECUREANTIVIRUS.mdl, which is a component of SymbOS.Cabir worm
· E:\System\Apps\FSECUREANTIVIRUS\FSECUREANTIVIRUS.rsc
· E:\System\Apps\FSServer\FSServer.App
· E:\System\Apps\FaceWarp\FaceWarp.App
· E:\System\Apps\FaxModemUi\FaxModemUi.app
· E:\System\Apps\Fdn\FDN.app
· E:\System\Apps\FiMan\FiMan.App
· E:\System\Apps\FiMan\FiMan.a159
· E:\System\Apps\FiMan\FiMan.a31
· E:\System\Apps\FiMan\FiMan.r159
· E:\System\Apps\FiMan\FiMan.r31
· E:\System\Apps\FileGuard\FileGuard.App
· E:\System\Apps\FileManager\FileManager.app
· E:\System\Apps\File\File.App
· E:\System\Apps\GS\GS.app
· E:\System\Apps\Hair\Hair.App
· E:\System\Apps\HantroCP\HantroCP.App
· E:\System\Apps\InstWiz\InstWiz.App
· E:\System\Apps\InstWiz\InstWiz.mbm
· E:\System\Apps\InstWiz\InstWiz.r159
· E:\System\Apps\InstWiz\InstWiz.r31
· E:\System\Apps\InstWiz\Instwiz.a159
· E:\System\Apps\InstWiz\Instwiz.a31
· E:\System\Apps\Jelly\Jelly.App
· E:\System\Apps\KPCaMain\KPCaMain.App
· E:\System\Apps\Launcher\Launcher.app
· E:\System\Apps\Logs\Logs.app
· E:\System\Apps\MCE\MCE.app
· E:\System\Apps\MIDIED\MIDIED.App
· E:\System\Apps\MMPlayer\MMPlayer.App
· E:\System\Apps\MediaGallery\MediaGallery.app
· E:\System\Apps\Mediaplayer\MediaPlayer.app
· E:\System\Apps\Menu\FREAKMENU.APP
· E:\System\Apps\Menu\FREAKMENU.RSC
· E:\System\Apps\Menu\FreakMenu.aif
· E:\System\Apps\Menu\FreakMenu_caption.rsc
· E:\System\Apps\MidpUi\MidpUi.app
· E:\System\Apps\MixPix\MixPix.app
· E:\System\Apps\Mp3Go\Mp3Go.App
· E:\System\Apps\Mp3Player\Mp3Player.App
· E:\System\Apps\MusicPlayer\MusicPlayer.a159
· E:\System\Apps\MusicPlayer\MusicPlayer.a31
· E:\System\Apps\MusicPlayer\MusicPlayer.app
· E:\System\Apps\MusicPlayer\MusicPlayer.r159
· E:\System\Apps\MusicPlayer\MusicPlayer.r31
· E:\System\Apps\Opera\Opera.App
· E:\System\Apps\Opera\Opera.a159
· E:\System\Apps\Opera\Opera.a31
· E:\System\Apps\Opera\Opera.r159
· E:\System\Apps\Opera\Opera.r31
· E:\System\Apps\Opera\bookmarks
· E:\System\Apps\Opera\csr.css
· E:\System\Apps\Opera\opera.def
· E:\System\Apps\Opera\opf.css
· E:\System\Apps\Opera\wml.css
· E:\System\Apps\PMODE\PMODE.App
· E:\System\Apps\PMODE\PMODE.a159
· E:\System\Apps\PMODE\PMODE.a31
· E:\System\Apps\PMODE\PMODE.r159
· E:\System\Apps\PMODE\PMODE.r31
· E:\System\Apps\Phoneapp\PhoneApp.r159
· E:\System\Apps\Phoneapp\PhoneApp.r31
· E:\System\Apps\Phoneapp\Phoneapp.a159
· E:\System\Apps\Phoneapp\Phoneapp.a31
· E:\System\Apps\Phoneapp\SDPicMask.mbm
· E:\System\Apps\Phoneapp\phoneApp.App
· E:\System\Apps\Phoneapp\phoneapp_caption.r159
· E:\System\Apps\Phoneapp\phoneapp_caption.r31
· E:\System\Apps\PhotoBase\PhotoBase.App
· E:\System\Apps\Picodrive\Picodrive.App
· E:\System\Apps\PowerFile\PowerFile.App
· E:\System\Apps\Shell\Shell.a159
· E:\System\Apps\Shell\Shell.a31
· E:\System\Apps\SkyForce\SkyForce.App
· E:\System\Apps\SmartMovie\SmartMovie.App
· E:\System\Apps\Switcher\Switcher.App
· E:\System\Apps\Tasks\Tasks.App
· E:\System\Apps\Tasks\Tasks.a159
· E:\System\Apps\Tasks\Tasks.a31
· E:\System\Apps\Typepad\Typepad.App
· E:\System\Apps\VisualRadio\VisualRadio.App
· E:\System\Apps\VisualRadio\visualradio.a159
· E:\System\Apps\VisualRadio\visualradio.a31
· E:\System\Apps\VisualRadio\visualradio.r159
· E:\System\Apps\VisualRadio\visualradio.r31
· E:\System\Apps\VoiceRec\VoiceRec.a159
· E:\System\Apps\VoiceRec\VoiceRec.a31
· E:\System\Apps\VoiceRec\VoiceRec.app
· E:\System\Apps\VoiceRec\VoiceRec.r159
· E:\System\Apps\VoiceRec\VoiceRec.r31
· E:\System\Apps\WILDSKIN\WILDSKIN.App
· E:\System\Apps\extendedrecorder\extendedrecorder.App
· E:\System\Apps\flashlight\flashlight.App
· E:\System\Apps\implus\implus.App
· E:\System\Apps\irremote\irRemote.App
· E:\System\Apps\logoMan\logoMan.app
· E:\System\Apps\mmp\mmp.App
· E:\System\Apps\msn\msn.App
· E:\System\Apps\muma\MuMa.App
· E:\System\Apps\putty\putty.App
· E:\System\Apps\vpnpolins\vpnpolins.aif
· E:\System\Apps\vpnpolins\vpnpolins.app
· E:\System\Apps\vpnpolins\vpnpolins.rsc
· E:\autorun.inf
· E:\etelmm.dll
· E:\etelpckt.dll
· E:\infectSIS.exe, which is the Windows component of SymbOS.Lasco.A
· E:\etelsat.dll