|
UMU Scan protects against this virus. |
|
High |
Worm |
153 |
09/04/2008 |
24/04/2008 |
Arriving on your phone disguised as a media file, once installed on your phone, it replicates itself and sends it to the nearest Bluetooth device it can find. It also waits for incoming SMS messages and replies to the number with an infected MMS at your cost. This virus also sends infected MMS to random numbers in
SymbOS/Beselo.C arrives as a SIS installation package disguised as a media file. This tricks users into executing this Worm on their phones. The SIS installer may be named as any one of the following:
c:\system\data\<random letters>.exe
c:\system\data\<random letters>.dat
c:\system\data\<random letters>.ini
This EXE component in turn drops a copy of itself in C:\SYSTEM\APPS and E:\SYSTEM\APPS as well as a matching file:
\SYSTEM\Recogs\<1st 4 letters of EXE component’s name>.mdl
that automatically executes the exe component at the phone’s startup.
It also creates its own SIS installation package:
C:\SYSTEM\APPS\<random letters>.SIS
Once installed, it searches for an available Bluetooth device, connects to the device, and sends a copy of its SIS installer.
SymbOS/Beselo.C waits for incoming SMS messages then sends an MMS message as a reply. This tricks the receiver into thinking that the compromised MMS came from a trusted source. The MMS has a subject of “photo” and a copy of SymbOS/Beselo.C’s SIS installer.
SymbOS/Beselo.C affects phones running the Symbian S60 platform. Some affected phones include the following:
Manual Disinfection
- Scan your mobile device using UMU Scan and delete all files detected as SymbOS/Beselo.C.
- Reboot your device to kill malware residue processes.