Trend Micro

ots-Eilmeldung: Mobile Malware Gets Serious …

    Unterschleißheim (ots) - Wir stellen Ihnen im Original eine Virenwarnung zur Verfügung, die wir von unserem North American Corporate Headquarter in Cupertino, Ca. erhalten haben:

Once Limited to One Mobile Device At Time, A New Threat Can Now Infect Your PC

While a great deal of attention has been paid to mobile malware over the past year, due to their limited propagation abilities they have not yet been seen as serious threats by most.

Security experts have long warned that malware writers frequently prefer to utilize new and emerging technology, and that eventually that desire will lead to a fully-functioning mobile attack. Today, researchers at antivirus and content security firm Trend Micro have discovered such a mobile threat that confirms malware writers are committed in their efforts.

SYMBOS_CARDTRP.A originates in Symbian Series 60 devices, but has the potential to spread to PCs running the Microsoft Windows Operating System. There are two methods by which the mobile device can be infected:

1) Receiving the malware manually via Bluetooth or MMS 2) Downloading and installing it from the Web

Here’s how it works:

• Like many of its predecessors, SYMBOS_CARDTRP.A propagates via Bluetooth (within a10 meter range). The infection then resides in the memory card of the mobile device.

• This malware also overwrites normal applications installed on the affected mobile device with malformed copies, thus preventing those applications from working properly.

• This malware contains the additional capability to infect Windows- based PCs from the phone. If the user inserts the infected memory card into their PCs card slot, the infection has the potential to infect the PC, then attempts to spread to other PCs from there.

• SYMBOS_CARDTRP.A drops the following 4 files into the E: directory (commonly utilized by the memory card):

o fsb.exe, detected by Trend Micro as BKDR_BERBEW.Q, attempts to compromise machines and steal password information o buburuz.ICO, which masquerades as the icon file for the memory card o autorun.inf, which attempts to automatically execute fsb.exe o SYSTEM.exe, detected by Trend Micro as WORM_WUKILL.B

• When the memory card is inserted into a Windows computer, the file autorun.inf will attempt to execute fsb.exe. Also, though the file SYSTEM.exe does not contain an automatic startup routine, it has the appearance of a legitimate folder icon in an attempt to lure users into executing it.

• If successfully executed, the malware then launches WORM_WUKILL.B, which attempts to spread the infection to other PCs.

While the potential for infection from SYMBOS_CARDTRP.A is still low at this stage, Raimund Genes, Chief Technologist for Malware, recommends that it’s prudent for all users to remain vigilant. “This attack is really a proof of concept and may be an indication of a new type of blended threat to come” Genes said. “As mobile threats continue to evolve, it’s likely that we will see further attacks similar to this, but utilizing more robust propagation techniques and therefore carrying a higher potential for infection.”

Security experts at Trend Micro recommend that users take the following measures to protect against this and other attacks:

1) Do not accept any unsolicited application or SMS from anybody you don't know, particularly if the item was unexpected.

2) Only download applications from trusted sites. Even when the site is trusted, verify that the application you are downloading is what you are expecting.

To download a free trial module to protect against this threat, visit For additional information on SYMBOS_CARDTRP.A, please visit the Trend Micro Virus Encyclopaedia at VName=SYMBOS%5FCARDTRP%2EA&VSect=T.

Herausgegeben im Auftrag von:

TREND MICRO Deutschland GmbH Hana Göllnitz Lise-Meitner-Straße 4 D-85716 Unterschleissheim Tel.: +49(0)89/37479-700 Fax:  +49(0)89/37479-799 E-Mail:


shortways communications
Vera M. Sander
Tengstraße 33
D-80796 München
Tel.: +49(0)89/89 06 67-0
Fax:  +49(0)89/89 06 67-29

Original-Content von: Trend Micro, übermittelt durch news aktuell

Weitere Meldungen: Trend Micro

Das könnte Sie auch interessieren: