F-Secure: Be Sure
Main
F-Secure Logo - Be Sure
Select local site


Privacy Policy
Contact Us

F-Secure Trojan Information Pages : Cdropper

[Summary] | [Disinfection] | [Detailed Description]

Name:Cdropper
Category:Trojan
Platform:SymbOS

Summary

CDropper is a family of Symbian SIS file trojan that will install Cabir variant(s) into the device. Effect on the device is depending on the Cabir variant and place where it’s dropped.

Disinfection

F-Secure Mobile Anti-Virus will detect the installed Cabir variants and delete the worm components. After deleting worm files you can use application manager to uninstall the SIS file that dropped the worm.

If your phone is infected with Cabir variant and you cannot install files over Bluetooth, you can download F-Secure Mobile Anti-Virus directly to your phone

  1. Open web browser on the phone
  2. Go to http://mobile.f-secure.com
  3. Select link "Download F-Secure Mobile Anti-Virus" and select phone model
  4. Download the file and select open after download
  5. Install F-Secure Mobile Anti-Virus Go to applications menu and start Anti-Virus
  6. Scan all files


Back to the Top


Detailed Description

The CDropper installs Cabir variant(s) into several places in the device file system. Some of the installed Cabirs will replace system or common third party applications. If user has one of those applications installed into system it gets replaced with Cabir and its icon in the menu will go blank.

If user clicks on one of the replaced icons in the menu, the Cabir that has replaced that application will start and try to spread to other devices.

Some of the Cdropper variants will also install auto start component that tries to automatically start Cabir upon system reboot.


Back to the Top


Write-up: Mika Tolvanen

Technical Details: Mika Tolvanen, January 13, 2006

Description Updated: Jarno Niemelä, January 13, 2006

F-Secure Corporation