Symbian OS cabir and skulls
Results 1 to 6 of 6

Thread: Symbian OS cabir and skulls

  1. #1
    Senior Member
    Join Date
    Oct 2004
    Posts
    122

    Thumbs up Symbian OS cabir and skulls

    I was searching for recently discovered skulls virus for symbian OS I was basically looking for some information on its working or source code this is what i found:



    SYMBIAN OS:

    Symbian OS is an operating system with associated libraries, user interface frameworks and reference implementations of common tools, produced by Symbian. It is a descendent of Psion's EPOC.

    There are multiple user interface flavours that use the Symbian OS, such as UIQ and Nokia's Series 60. The adaptability of the user interface enables the use of Symbian OS on various form-factors of hand-held devices: clam-shell or tablet, keyboard and/or pen, PDA or mobile phone, and others.

    Symbian OS is structured like many desktop operating systems, with pre-emptive multitasking, multithreading and memory protection.



    Programming:

    Symbian OS's flavour of C++ is very specialised, and quite hard to program. However, for those wanting an easier life, Symbian OS devices can also be programmed in OPL, Python, Visual Basic, Simkin and Perl - together with the J2ME and Personal Java flavours of Java.

    First worm discovered:

    In 2004 the first worm for mobile phones using Symbian OS, Cabir, was developed, which used Bluetooth to spread itself to nearby phones.

    Cabir (also known as EPOC.cabir and Symbian/Cabir) is the name of a computer worm developed in 2004 that is designed to infect mobile phones running Symbian OS. It is believed to be the first computer worm that can infect mobile phones. When a phone is infected with Cabir, the message "Caribe" is displayed on the phone's display, and is displayed every time the phone is turned on. The worm then attempts to spread to other phones in the area using wireless Bluetooth signals.

    The worm was not sent out into the wild, but sent directly to anti-virus firms, who believe Cabir in its current state is harmless. However, it does prove that mobile phones are also at risk from virus writers. Experts also believe that the worm was developed by a group who call themselves 29A, a group of international hackers, as a "proof of concept" worm in order to catch world attention. It failed to infect any of its targets.

    Skulls virus and its working:

    Skulls is a malicious SIS file trojan that will replace the system applications with non-functional versions, so that all but the phone functionality will be disabled.

    The Skulls SIS file is named "Extended theme.SIS", it claims to be theme manager for Nokia 7610 smart phone, written by "Tee-222".

    If Skulls is installed it will cause all application icons to be replaced with picture of skull and cross bones, and the icons don't refer to the actual applications any more so none of the Phone System applications will be able to start.

    This basically means that if Skulls is installed only the calling from the phone and answering calls works. All functions which need some system application, such as SMS and MMS messaging, web browsing and camera no longer function.

    Discription:

    Skulls SIS file does not contain any malicious code as such, it is just a Symbian Installation file that installs critical System ROM binaries into C: drive in with exact same names and locations as in the ROM drive.

    Symbian operating system has a feature which causes any file that is in C: drive replace file in ROM drive with identical name and location.

    The application files installed by Skulls are normal Symbian OS files extracted from the phone ROM. The malicious part is in the AIF (Application Info and icon) file which comes with the applications. Instead of correct AIF file the Skulls SIS will install AIF file that has Skulls and crossbones as icon and instead of real application it will point to nowhere.


    Disinfection

    If you have not rebooted the phone after installing "Extended theme.sis"

    Currently the only known method of uninstall works if you have some third party file manager installed into your phone.

    1. Go to c:\System\apps\appinst and delete
    c:\System\apps\appinst
    c:\System\apps\menu
    c:\System\apps\mce
    2. Open the applications menu
    3. Look for web browser, it's icon should still be normal
    4. Download F-Secure Mobile Anti-Virus for your device
    http://www.europe.f-secure.com/estore/avmobile.shtml
    or with mobile itself
    http://mobile.f-secure.com
    5. Install F-Secure Mobile Anti-Virus
    6. Start F-Secure mobile Anti-Virus
    7. Scan your device to remove malicious AIF files
    8. Go to application manager
    9. Uninstall "Extended theme.sis"

    If have rebooted the phone or don't have third party file manager installed

    1. Make sure you have Nokia PC-Sync installed and functional
    2. Download PC file manager from http://www.epocware.com
    3. Using PC file manager delete
    c:\System\apps\appinst
    c:\System\apps\menu
    c:\System\apps\mce
    4. Download and install F-Secure Mobile Anti-Virus for your device
    http://www.europe.f-secure.com/estore/avmobile.shtml
    5. Start F-Secure mobile Anti-Virus
    6. Scan your device to remove malicious AIF files
    7. Go to application manager
    8. Uninstall "Extended theme.sis"

    Programming:
    I tried searching for source code for skulls and cabir but it is not available but if you are interested in programming symbian OS here are a few cool links.

    http://www.forum.nokia.com/main/0,,1_32_30,00.html(this is a cool one also i heard about nokia training on symbian OS programming just in case anyone is interested check that out too)
    http://www.symbian.com/developer/tec..._technique.asp


    That is all.
    nobody is perfect i am nobody

  2. #2
    Banned
    Join Date
    Dec 2004
    Posts
    8
    Nice one nick!Is there any nice books on symbian OS ?
    I just had a question about your post do you think that this skulls virus is developed in c++ or java?
    If you find any source code for that in future plz post it here.Thanks for lovely information.

  3. #3
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    WHere's the Suse phone?

    Watch.. in the future people will pick their phone service provider NOT on customer service, usability or service coverage BUT the flavor of OS the phone runs. Nice article, almost makes one want to go out and get a Sybian dev platform. I played with the java platform for mobile devices. My phone is Java...
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  4. #4
    Senior Member
    Join Date
    Oct 2004
    Posts
    122
    Originally posted here by b3mok
    Nice one nick!Is there any nice books on symbian OS ?
    I just had a question about your post do you think that this skulls virus is developed in c++ or java?
    If you find any source code for that in future plz post it here.Thanks for lovely information.
    Well I don't know i have been trying to find that information for some time now but i am affraid that information is not available.To find that out i have to learn symbian OS programming in c++ atleast and try to do what skulls discription said.It takes time.The day i find that out i will certainly post it on AO.If anyone has that information plz post it.


    Originally posted here by RoadClosed
    WHere's the Suse phone?

    Watch.. in the future people will pick their phone service provider NOT on customer service, usability or service coverage BUT the flavor of OS the phone runs.
    May be who knows...I heard that nokia is going to provide antivirus protection to there java enable mobile phones and two of them are ready for release.

    http://www.nokia.com/nokia/0,8764,63946,00.html
    http://www.nwfusion.com/news/2004/0923nokiaadds.html
    http://www.mobiletracker.net/archive..._communica.php
    http://www.symbolic.it/Prodotti/Handheld/nokia-av.shtml

    They are providing traing to interested software professionals in many country around the world although i don't have detailed information about that training but one thing is for sure they have analysed the danger pretty well.


    Also Security on mobile phone is not a big issue right now as no keylogger or trojans have yet been discovered the worm cabir and virus skulls i refered are just a POC.
    Also different mobile companies use different OS so in order to make a virus or trojan either one needs to make it for a perticular OS like symbian or write it differently for all other OS.
    nobody is perfect i am nobody

  5. #5
    Banned
    Join Date
    Dec 2004
    Posts
    8
    Originally posted here by littlenick
    Well I don't know i have been trying to find that information for some time now but i am affraid that information is not available.To find that out i have to learn symbian OS programming in c++ atleast and try to do what skulls discription said.It takes time.The day i find that out i will certainly post it on AO.If anyone has that information plz post it.
    What should i go for java or c++ if i am lookin forward to mobile programming?You said there is no keylogger or trojan currently is it possible to have one for mobile devices?after reading this interesting post I just wanna start symbian programming would it be helpful in my career?

  6. #6
    Senior Member
    Join Date
    Oct 2004
    Posts
    122
    Originally posted here by b3mok
    What should i go for java or c++ if i am lookin forward to mobile programming?You said there is no keylogger or trojan currently is it possible to have one for mobile devices?after reading this interesting post I just wanna start symbian programming would it be helpful in my career?
    answer to your first question is it depends on what you are good at and what you are looking forward to if you are a hardcore c programmer i suggest that you go for c++ else take up j2me as your platform.
    But if you want to do hardcore OS programming including learning how these viruses and worms work i will suggest you to take up c++.
    Just give me some time i will come up with a introductory tut about it on AO.

    second answer : yes it is possible to design a trojan or a keylogger for mobiles although it is not so easy and takes a lot of effort also the fact that many mobile companies use different OS makes it difficult symbian being the most widely used was the first target of virus writers and i believe it will always be a prime target of virus writers in the comping future.
    nobody is perfect i am nobody

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •