SymbOS.Pbstealer.D - SlashPhone.com

   Industry News
   Mobile Phones
   Reviews
   Videos
   Microsoft
   Palm
   Symbian
   Gadgets
   Linux
   SavaJe
   VoIP
   Security
   Events
   F.A.Q & Tips

   RSS Feed
   Send us your tips
   Advertising

Advertisement Section

SymbOS.Pbstealer.D


Last update: 26-01-06	Submitted by ahbao
Views: 1203	Home Security

SymbOS.Pbstealer.D is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. The Trojan sends the user's contact information database, Notepad, and Calendar To Do list to other Bluetooth-enabled devices.

It has been reported that the Trojan arrives on the compromised device as the following files:

ChattingYuk.SIS
PBCompressor.SIS

If the user opens this .sis file, the device Installer displays a dialog box to warn the user that the application may be coming from an untrusted source and may cause potential problems.

Technical details

When SymbOS.Pbstealer.D is executed, it performs the following actions:

Displays one of the following messages, depending on the threat version:

Message 1:
Install
MyProfile

Message 2:
Install
PBCompressor
Displays the following message if the user installs the file:

Compacting
your contact(s), step2

Please wait again
until done...
Installs itself as the following files:

C:\system\Mail\00110001_S\pbcompressor.app
C:\system\Mail\00110001_S\pbcompressor.rsc
Copies the contents of the user's contact information database, Notepad, and Calendar To Do list to the following file:

C:\SYSTEM\MAIL\PHONEBOOK.TXT
Scans for Bluetooth-enabled devices. It repeatedly attempts to send the file C:\SYSTEM\MAIL\PHONEBOOK.TXT to the first Bluetooth-enabled device it finds.
Stops trying to send the above file via Bluetooth after one minute and displays the following message:

Compacting your contact(s), step2
Done!!!

Note: The Trojan appears to contain some bugs, and it may crash and stop running.
One of the following files is created by the Installer, not the threat:

\system\install\ChattingYuk.SIS
\system\install\PBCompressor.SIS
Deletes the above files and also deletes the Installer and the Install Stub left in the C:\System\Apps\Install directory to hide its tracks after the user has selected "Done, press OK to exit" (after the threat has stolen and sent the Phonebook details).

Removal Instructions

Install a file manager program on the device.
Enable the option to view the files in the system folder.
Navigate to and delete the following malicious files:

C:\system\Mail\00110001_S\pbcompressor.app
C:\system\Mail\00110001_S\pbcompressor.rsc
C:\SYSTEM\MAIL\PHONEBOOK.TXT
\System\Install\ChattingYuk.sis
\System\Install\PBCompressor.sis
ChattingYuk.SIS
PBCompressor.SIS
Exit the file manager.

Lastest News in this category

AhnLab exports a vaccine for mobile phones overseas for the first time
AhnLab recently entered into an agreement for OEM (original equipment manufacturing) supply of its security product 'AhnLab Mobile Security' to Tai...

Kaspersky Mobile Security 7.0 will Catch Phone Thief Now
Kaspersky Lab announced the release of a new product for the integrated protection of smartphones running Symbian and Windows Mobile. Kaspersky Mob...

McAfee Research Reveals Majority of Consumers Concerned Over Mobile Safety
McAfee announced findings from new research that reveals that almost three out of four mobile consumers (72%) are concerned about the security of t...

SMobile Announces Solution for Beselo Worm Virus
SMobile Systems announced that it has prepared and tested a mobile anti-virus update and disinfection tool for its Security Shield platform to help...

F-Secure and Sony Ericsson partner to deliver Mobile Security for UIQ
F-Secure Corporation is today announcing the availability of its Mobile Security product for the UIQ platform. F-Secure and Sony Ericsson are partn...

Free Mobile Phone Wallpaper
gfyc_520	409c_21	ddke_187	dm3d_098