Symbian.Doomboot.S

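Symbian.Doomboot.S is a mobile phone Trojan that installs corrupted files on the infected phone to prevent it from restarting normally.

Source: 北京日月光華

Type: Trojan
Platform: Symbian

Alias: Singlejump.K

Overview: SymbOS.Doomboot.S is a Trojan that installs corrupted files on the infected phone to prevent it from restarting normally.

Propagation: It arrives as Security - Application.sis.

Damage:

When the user opens the SIS file, the phone's installer displays a dialog warning that the application comes from an unreliable source and may cause problems. If the user selects yes, the phone prompts the user to install the following program: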

Install
Security – Application

During installation, the following message is also displayed:

Security - Application For Series 60 Copyright © 2006 0ID500 Inc. All rights reserved *** 0ID500 TEAM ***

Once SymbOS.Doomboot.S runs, it performs the following actions:

1. Drops the following files:

.\SendSIS.sis (a copy of SymbOS.Cardblock.A)
[DriveLetter]\System\apps\AppInst\Appinst.aif
[DRIVELETTER]\System\apps\AppInst\Appinst.app
[DRIVELETTER]\System\apps\BtUi\BtUi.app
[DRIVELETTER]\System\apps\FSpreader\FSpreader.app (A copy of SymbOS.Sendtool.A)
[DRIVELETTER]\System\apps\FSpreader\FSpreader.rsc
[DRIVELETTER]\System\apps\FSpreader\PATH.TXT
[DRIVELETTER]\System\apps\Mosquitos\Mosquitos.aif
[DRIVELETTER]\System\apps\Mosquitos\Mosquitos.app (A copy of Trojan.Mos)
[DRIVELETTER]\System\apps\Mosquitos\Mosquitos.rsc
[DRIVELETTER]\System\apps\Mosquitos\Mosquitos_caption.rsc
[DRIVELETTER]\System\apps\Mosquitos\addon1.pcm
[DRIVELETTER]\System\apps\Mosquitos\addon21.pcm
[DRIVELETTER]\System\apps\Mosquitos\addon22.pcm
[DRIVELETTER]\System\apps\Mosquitos\audio.dat
[DRIVELETTER]\System\apps\Mosquitos\gameover.pcm
[DRIVELETTER]\System\apps\Mosquitos\menuswitch.pcm
[DRIVELETTER]\System\apps\Mosquitos\ragg.pcm
[DRIVELETTER]\System\apps\Mosquitos\raggc.pcm
[DRIVELETTER]\System\apps\Mosquitos\saugen.pcm
[DRIVELETTER]\System\apps\Mosquitos\shoot.pcm
[DRIVELETTER]\System\apps\Mosquitos\shoothit.pcm
[DRIVELETTER]\System\apps\Mosquitos\winken.pcm
[DRIVELETTER]\System\apps\OIDI500\OIDI500.aif
[DRIVELETTER]\System\apps\OIDI500\OIDI500.app (A copy of SymbOS.Cabir)
[DRIVELETTER]\System\apps\OIDI500\OIDI500.mdl (A copy of SymbOS.Cabir)
[DRIVELETTER]\System\apps\OIDI500\OIDI500.rsc
[DRIVELETTER]\System\apps\ProfiExplorer\ProfiExplorer.aif
[DRIVELETTER]\System\apps\ProfiExplorer\ProfiExplorer.app
[DRIVELETTER]\System\apps\ProfiExplorer\ProfiExplorer.rsc
[DRIVELETTER]\System\apps\ProfiMail\Data\Alert.mid
[DRIVELETTER]\System\apps\Profimail\Data\PM_S60.dta
[DRIVELETTER]\System\apps\Profimail\Data\config.bin
[DRIVELETTER]\System\apps\Profimail\Data\messages.bin
[DRIVELETTER]\System\apps\Profimail\Data\shop.txt
[DRIVELETTER]\System\apps\Profimail\ProfiMail.aif
[DRIVELETTER]\System\apps\Profimail\ProfiMail.app
[DRIVELETTER]\System\apps\Profimail\ProfiMail.rsc
[DRIVELETTER]\System\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\CARIBE.APP (A copy of SymbOS.Mabir.A )
[DRIVELETTER]\System\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\CARIBE.RSC
[DRIVELETTER]\System\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\CARIBE.SIS (A copy of SymbOS.Mabir.A)
[DRIVELETTER]\System\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\INFO.SIS (A copy of SymbOS.Mabir.A )
C:\ETel.dll
C:\System\Fonts\Kill sadam font.gdr (A copy of SymbOS.Fontal.A)
C:\System\Fonts\Panic.gdr (A copy of SymbOS.Blankfont.A )
C:\System\install\PhoneBook.SIS (A copy of SymbOS.Pbstealer.A )
C:\System\install\autoexecdaemon.SIS (A copy of SymbOS.Cabir.C )
C:\System\install\commwarrior.SIS (A copy of SymbOS.Commwarrior.A )
C:\System\recogs\flo.mdl (A copy of SymbOS.Mabir.A )
Note: If the phone is restarted, these files are released and cause the phone to malfunction.

2. The installer creates the following file:

\system\install\Security - Application.sis
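The file list above can be used to triage a file listing exported from a handset or memory card. The following is an added example, not part of the original entry: it matches a constructed listing against a subset of the paths above, treating `[DRIVELETTER]` and drive-less paths as "any drive" and comparing case-insensitively (an assumption, supported by the list itself mixing `ProfiMail` and `Profimail`). The names `INDICATORS`, `match_listing` and `SAMPLE_LISTING` are hypothetical.

```python
import re

# Subset of the paths listed above; values are the page's own "A copy of ..." notes.
# [DRIVELETTER] or a path with no drive is treated as "any drive" (assumption).
INDICATORS = {
    r"[DRIVELETTER]\System\apps\FSpreader\FSpreader.app": "SymbOS.Sendtool.A",
    r"[DRIVELETTER]\System\apps\Mosquitos\Mosquitos.app": "Trojan.Mos",
    r"[DRIVELETTER]\System\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\CARIBE.APP": "SymbOS.Mabir.A",
    r"C:\System\Fonts\Panic.gdr": "SymbOS.Blankfont.A",
    r"C:\System\install\commwarrior.SIS": "SymbOS.Commwarrior.A",
    r"\system\install\Security - Application.sis": None,
}

def _normalize(path):
    """Return (drive, rest) lower-cased with '\\' separators; drive '*' = any."""
    p = path.strip().replace("/", "\\").lower()
    m = re.match(r"^(\[driveletter\]|[a-z]:)?(\\.*)$", p)
    if not m:
        return None  # relative paths such as .\SendSIS.sis are not matched
    drive = "*" if m.group(1) in (None, "[driveletter]") else m.group(1)
    return drive, re.sub(r"\\+", r"\\", m.group(2))

_INDEX = {}
for raw, family in INDICATORS.items():
    drive, rest = _normalize(raw)
    _INDEX.setdefault(rest, []).append((drive, raw, family))

def match_listing(paths):
    """Return (observed_path, indicator, family) for every listed path that matches."""
    hits = []
    for observed in paths:
        norm = _normalize(observed)
        if norm is None:
            continue
        drive, rest = norm
        for ind_drive, raw, family in _INDEX.get(rest, []):
            if "*" in (ind_drive, drive) or ind_drive == drive:
                hits.append((observed, raw, family))
    return hits

# Constructed sample listing (not taken from a real device).
SAMPLE_LISTING = [
    r"E:\system\apps\fspreader\FSPREADER.APP",       # memory card, different case
    r"C:\System\Fonts\panic.gdr",
    r"E:\System\Fonts\Panic.gdr",                    # no hit: indicator is C: only
    r"C:/System/install/Security - Application.sis",
    r"C:\System\apps\Camera\Camera.app",             # benign
]
```
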

Reference: http://www.m-virus.com/post/127.html
