Some security vendors have issued alerts for SymbOS/Commwarrior.a!sys, a malicious .SIS file targeting Nokia series 60 based devices. The virus masquerades as a variety of benign applications, including games, porn, and cross platform emulators. See Table 1 - SIS Message Text for a more complete list of subjects and message content.
It replicates by sending itself to nearby Bluetooth devices as well as via MMS. The MMS recipient appears to be selected from the host address book. Once it is in the host inbox the user can view the message and must approve the installation of the SIS. Once installed several files are dropped (see Table 1 - SIS Message Text) and the virus sets itself up for automatic execution at system start.
Affected Platforms:
Series 60 devices
Confirmed devices:
Nokia 7610
Nokia 6600
More information can be found at McAfee page.
According to Symantec, which also issued an alert, SymbOS.Commwarrior.A is a worm that replicates on Series 60 phones. It attempts to spread using Multimedia Messaging Service (MMS) and Bluetooth as a randomly named .sis file.
Technical details can be found at this Symantec page.
According to Trend Micro, SYMBOS_COMWAR.A is Symbian malware that can infect mobile devices running Symbian OS. It may be downloaded from certain Web site as the archive file COMMWARRIOR.ZIP, which contains the malware installer COMMWARRIOR.SIS. It propagates via Bluetooth using random file names.
Upon execution on a mobile device, this malware installs itself by dropping the following files:
C:\system\apps\CommWarrior\commwarrior.exe
C:\system\apps\CommWarrior\commrec.mdl
This malware affects mobile phones running Symbian OS Series 60, such as the following:
Nokia 3650, 3600
Nokia 3660, 3620
Nokia 6600
Nokia 6620
Nokia 7610
Nokia 7650
Nokia N-Gage
Panasonic X700
Sendo X
Siemens SX1
Technical details can be found at this Trend Micro page.
3/8: SymbOS/Commwarrior-A Hits Nokia
