|
UMU Scan protects against this virus. |
|
High |
Worm |
153 |
09/04/2008 |
24/04/2008 |
Arriving on your phone as part of SymbOS/Kiazha.A, this virus infects your Multi Media Card and spreads itself when the MMC is inserted into a different phone. It creates what look like media files, but they are the virus installer. Once installed on your phone, it replicates itself and sends it to the nearest Bluetooth device it can find. It also waits for incoming SMS messages and replies to the number with an infected MMS at your cost. This virus also sends infected MMS to random numbers in China at your cost.
SymbOS/Beselo.D arrives as a dropped component of SymbOS/Kiazha.A named ZN.EXE.
Upon execution, it drops the following copies of itself and components:
C:\System\Apps\DATA\ZN.sis - sis installer
The copies it dropped in the phone’s Multi Media Card (drive E) helps this worm to propagate. When the compromised MMC is inserted in a new phone, Beselo.D infects that phone.
In spite of the file extensions of these files suggesting that these are media files, this is just a trick and the files are actually SIS installers for this Symbian worm.
Once installed, it searches for an available Bluetooth device, connects to the device, and sends a copy of its SIS installer.
SymbOS/Beselo.D waits for incoming SMS messages then sends an MMS message as a reply. This tricks the receiver into thinking that the compromised MMS came from a trusted source. The MMS has a subject of “photo” and a copy of SymbOS/Beselo.D’s SIS installer.
SymbOS/Beselo.D affects phones running the Symbian S60 platform. Some affected phones include the following:
Manual Disinfection
- Scan your mobile device using UMU Scan and delete all files detected as SymbOS/Beselo.D.
- Reboot your device to kill malware residue processes.