The Web    Google
3/8: SymbOS/Commwarrior-A Hits Nokia

3/8: SymbOS/Commwarrior-A Hits Nokia
March 8, 2005

Some security vendors have issued alerts for SymbOS/Commwarrior.a!sys, a malicious .SIS file targeting Nokia series 60 based devices. The virus masquerades as a variety of benign applications, including games, porn, and cross platform emulators. See Table 1 - SIS Message Text for a more complete list of subjects and message content.

It replicates by sending itself to nearby Bluetooth devices as well as via MMS. The MMS recipient appears to be selected from the host address book. Once it is in the host inbox the user can view the message and must approve the installation of the SIS. Once installed several files are dropped (see Table 1 - SIS Message Text) and the virus sets itself up for automatic execution at system start.

Affected Platforms:

Series 60 devices

Confirmed devices:

Nokia 7610
Nokia 6600

More information can be found at McAfee page.

According to Symantec, which also issued an alert, SymbOS.Commwarrior.A is a worm that replicates on Series 60 phones. It attempts to spread using Multimedia Messaging Service (MMS) and Bluetooth as a randomly named .sis file.

Technical details can be found at this Symantec page.

According to Trend Micro, SYMBOS_COMWAR.A is Symbian malware that can infect mobile devices running Symbian OS. It may be downloaded from certain Web site as the archive file COMMWARRIOR.ZIP, which contains the malware installer COMMWARRIOR.SIS. It propagates via Bluetooth using random file names.

Upon execution on a mobile device, this malware installs itself by dropping the following files:


This malware affects mobile phones running Symbian OS Series 60, such as the following:

  • Nokia 3650, 3600
  • Nokia 3660, 3620
  • Nokia 6600
  • Nokia 6620
  • Nokia 7610
  • Nokia 7650
  • Nokia N-Gage
  • Panasonic X700
  • Sendo X
  • Siemens SX1

    Technical details can be found at this Trend Micro page.

  • Web Services Security in .NET
  • 7/28: Downloader-NE.dr a New Trojan
  • 4/8: Imabut-A Trojan a Floppy Disk Image
  • Denial of Service a Big WLAN Issue
  • Microsoft to Strike IE URL Passwords
  • Deceptive Duo Hacker Changes Plea
  • Corporate Data Leaks Spur Interest in Storage Security
  • CERT: Sendmail Hacked
  • Intellitactics Upgrades Security Manager Tool
  • 9/23: Backdoor-CHP Lets Data Through
  • Too Many Lost Emails Leave us Unconnected
  • Security Camera Product