» Topic:  More information on Commwarrior.C

» Added by:  Jarno

» Date:  18.10.2005

  It certainly does lots of things, and none of them are nice. This is probably the most dangerous mobile phone virus we've seen so far. Luckily it doesn't seem to be widespread.

Commwarrior.C spreads over Bluetooth in same manner as earlier variants, but the MMS functionality however is quite different.

First of all, Commwarrior.C goes through the address book and sends messages to numbers found in there, just like A and B variant did. But in addition, it also mimics the users MMS behavior. Commwarrior.C listens for any arriving MMS and SMS messages and replies to them with infected MMS! And when user sends a SMS message, Commwarrior follows this by sending immediatly a second message to the same address: an infected MMS.

The messages being sent by Commwarrior.C contain texts gathered from SMS messages that are stored on the phone, which means that the recipient of MMS message will receive a text that doesn't seem too strange.

Together these make a very strong social engineering trick: you send a SMS message to an infected friend, and his phone immediatly answers you back with an infected MMS, complete with message text stolen from random earlier messages!

Commwarrior.C also copies itself on any MMC card inserted into the phone, so it is also a virus capable of spreading to other phones if you share your card.

Regardless of the spreading method, the recipient still has to accept and install the SIS file of the virus, and accept the usual system warning of installing an unsigned application.

In addition of spreading, Commwarrior.C also contains some payloads, by which it indicates that it has infected the phone. On some phones the Commwarrior changes the operator logo to it's own logo which contains text "Infected by CommWarrior".

Source : f-secure.com