Sigillu

Secure Communications

McAfee: Virus Profile: SymbOS/Beselo

Risk Assessment
– Home Users: Low-Profiled
– Corporate Users: Low-Profiled
Date Discovered: 20/01/2008
Date Added: 23/01/2008
Origin: N/A
Length: Varies
Type: Virus
SubType: Worm
DAT Required: 5214

Virus Characteristics

— Update January 23, 2008 —
The risk assessment of this threat was updated to Low-Profiled due to media attention.

To obtain an ED for this threat, please visit:

http://www.webimmune.net/extra/getextra.aspx

Method of Infection

SymbOS/Beselo is distributed in a SIS file named “beauty.jpg”. Although the extension is that of an image file, the Installer will still recognize the file and attempt to install.

The malware also attempts to disguise itself as other types of media files under the filenames “love.rm” and “sex.mp3”.
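The mismatch described above (a media extension on a SIS package) can be caught by inspecting the file header instead of the name. The following is an added example, not part of the McAfee profile; the two magic values come from the Symbian SIS format rather than from this page, and the sample attachments are constructed.

```python
import struct
from pathlib import PurePath

# SIS header magic values (from the Symbian package format, not from this page).
SISX_UID1 = 0x10201A7A        # Symbian OS 9.x package: little-endian at offset 0
LEGACY_SIS_UID3 = 0x10000419  # pre-9.x package: little-endian at offset 8
INSTALLER_EXTENSIONS = {".sis", ".sisx"}


def is_sis(data: bytes) -> bool:
    """Return True when the header matches either SIS package layout."""
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == SISX_UID1:
        return True
    if len(data) >= 12 and struct.unpack_from("<I", data, 8)[0] == LEGACY_SIS_UID3:
        return True
    return False


def disguised_sis(filename: str, data: bytes) -> bool:
    """Flag content that is a SIS package but is not named like one."""
    ext = PurePath(filename).suffix.lower()
    return is_sis(data) and ext not in INSTALLER_EXTENSIONS


def _legacy_header() -> bytes:
    # Constructed header: UID1 and UID2 are placeholder values.
    return struct.pack("<IIII", 0x01234567, 0, LEGACY_SIS_UID3, 0) + b"\x00" * 16


# Constructed attachments: three disguised packages, one real JPEG header,
# and one honestly named package.
SAMPLES = {
    "beauty.jpg": _legacy_header(),
    "love.rm": _legacy_header(),
    "sex.mp3": struct.pack("<I", SISX_UID1) + b"\x00" * 12,
    "holiday.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16,
    "game.sis": _legacy_header(),
}


def scan(samples: dict) -> list:
    """Return the names of attachments that should be quarantined."""
    return sorted(n for n, d in samples.items() if disguised_sis(n, d))


if __name__ == "__main__":
    for name in scan(SAMPLES):
        print("disguised SIS package:", name)
```
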

SymbOS/Beselo attempts to propagate via MMS. It sends an MMS to each number in the phonebook. The malware attaches itself under the previously listed media file names. It will also send itself to other numbers belonging to subscribers of a mobile carrier in Asia.

SymbOS/Beselo sends MMS messages about every 2 minutes. If the GPRS connection is disabled, it will spread itself through Bluetooth.

SymbOS/Beselo will spread every minute over Bluetooth. The malware does not keep track of infected devices and continues to send itself via Bluetooth to nearby devices.

The malware tries to prevent deletion by copying itself to the memory card. SymbOS/Beselo copies an MDL file to the \System\Recogs\ directory in order to run on startup. If any of the malware’s components (EXE, SIS, MDL) have been deleted, SymbOS/Beselo will restore them.

Link to McAfee site

January 27, 2008 - Posted by | cellular phone, English, mobile, Nokia, security, technology
