Commwarrior
| Commwarrior | |
|---|---|
| Malware details | |
| Alias | Symb/Comwar-A |
| Type | Symbian Bluetooth Worm |
| Subtype | Nokia Series 60 infecter |
| Classification | Mobile phone virus |
Commwarrior is a Symbian Bluetooth worm that was the first to spread via Multimedia Messaging Service (MMS) and Bluetooth.[1][2] The worm affects only the Nokia Series 60 software platform.
Infection
[edit | edit source]Commwarrior was particularly effective via the MMS vector it used to infect other phones. It appeared as though it had been sent from a source that was known to the victim, leading even security-conscious users to open the infected message.[3] Actually, the message was sent at random to a contact in the sender's address book. Once the message is opened, the virus attempts to install itself on the phone via a SIS file. As it runs, the worm is executed every time the phone is switched on.[1]
A secondary method of infection is to create a malicious .SIS file on a compromised phone. Once per minute thereafter, the worm attempts to send this file to any phone that has Bluetooth enabled.[4]
Symptoms
[edit | edit source]According to Sophos, during installation the program has a one in six chance of displaying the following text:[1] "CommWarrior v1.0 (c) 2005 by e10d0r"
References
[edit | edit source]- ^ a b c Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).