McAfee: Virus Profile: SymbOS/Beselo
|– Home Users:||Low-Profiled|
|– Corporate Users:||Low-Profiled|
The risk assessment of this threat was updated to Low-Profiled due to media attention.
To Obtain an ED for this threat please visit:
Method of Infection
SymbOS/Beselo is distributed in a SIS file named “beauty.jpg“. Although the extension is that of an image file, the Installer will still recognize the file and attempt to install.
The malware also attempts to disguise itself as other types of media files under the filenames “love.rm” and “sex.mp3” .
SymbOS/Beselo attempts to propagate via MMS. It sends an MMS to each number in the phonebook. The malware attaches itself under the previously listed media file names. It will also send itself to other numbers belonging to subscribers of a mobile carrier in Asia.
SymbOS/Beselo sends MMS messages about every 2 minutes. If the GPRS connection is disabled, it will spread itself through Bluetooth.
SymbOS/Beselo will spread every minute over Bluetooth. The malware does not keep track of infected devices and continues to send itself via Bluetooth to nearby devices.
The malware tries to prevent deletion by copying itself to the memory card. SymbOS/Beselo copies an MDL file to the \System\Recogs\ directory in order to run on startup. If any of the malware’s components(EXE,SIS,MDL) have been deleted, SymbOS/Beselo will restore them.
No comments yet.