Drever.C is a malicious SIS file trojan that attacks the bootloader
files of several mobile anti-virus programs and tries to disable
F-Secure Mobile Anti-Virus by overwriting its files.
Drever.C attacks the bootloader files of Kaspersky, Simworks and
F-Secure Symbian Anti-Virus products.
In addition to trying to overwrite the bootloaders, Drever.C
also tries to cripple F-Secure Mobile Anti-Virus by replacing
its binaries with corrupted ones.
However, as F-Secure Mobile Anti-Virus contains protection against
any attempt to modify its own files, both attacks will fail
when Anti-Virus is in realtime scan mode, as it is by default.
If F-Secure Mobile Anti-Virus is switched off, or in manual
scan mode, which is basically the same as switched off, the attack
will damage Anti-Virus, but the user can recover easily by re-installing
Anti-Virus.
When the Drever SIS file is installed to the system, it tries to replace the
bootloader files used by Kaspersky, Simworks and F-Secure Symbian
Anti-Virus products with corrupted versions. In addition to the bootloader
files, Drever.C will also install corrupted binaries of F-Secure Mobile
Anti-Virus and a corrupted licence file of Simworks Anti-Virus.
If the device has F-Secure Mobile Anti-Virus with updated databases,
Drever.C will be detected before it can be installed. If the device does not
have up-to-date databases, the install will still fail, as the attempt to overwrite
F-Secure Anti-Virus files will crash the application installer, thus terminating
the installation of Drever.C.
The files are corrupted by manually editing them and writing the text '123' into
random locations in the files.
Some of the edited files contain strings intended as messages to AV vendors:
FSECURE MUST DIE!!!!!!
Please, don't make new antiviruses for my viruses and I stop make
viruses for your antiviruses. My target is Simworks!
=)
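
An added triage example (not part of the original description and not F-Secure's code): it compares a suspect copy of a file against a known-good copy, lists the edited spans, and flags the '123' marker and the message strings quoted above. The function names and the sample bytes are constructed for illustration, and it assumes a clean reference copy of the file is available.

```python
import difflib

MARKER = b"123"  # corruption text named in the description above
NOTES = (b"FSECURE MUST DIE", b"My target is Simworks")  # strings quoted above

def changed_regions(reference: bytes, suspect: bytes):
    """Return (offset_in_suspect, old_bytes, new_bytes) for each edited span."""
    sm = difflib.SequenceMatcher(None, reference, suspect, autojunk=False)
    return [(j1, reference[i1:i2], suspect[j1:j2])
            for tag, i1, i2, j1, j2 in sm.get_opcodes() if tag != "equal"]

def triage(reference: bytes, suspect: bytes) -> dict:
    """Summarise how a suspect file differs from a known-good copy."""
    regions = changed_regions(reference, suspect)
    # Widen each span slightly: a marker byte may equal the byte it replaced,
    # in which case the diff reports a span shorter than the marker.
    pad = len(MARKER) - 1
    # Offsets of the edited spans whose surrounding bytes contain the marker.
    marker_offsets = [off for off, _old, new in regions
                      if MARKER in suspect[max(0, off - pad):off + len(new) + pad]]
    notes = [n.decode() for n in NOTES if n in suspect and n not in reference]
    return {"modified": bool(regions), "regions": len(regions),
            "marker_offsets": marker_offsets, "notes": notes}

# Constructed sample data: 64 distinct bytes stand in for a clean binary.
REFERENCE = bytes(range(64, 128))
SUSPECT = (REFERENCE[:10] + MARKER + REFERENCE[13:40] + MARKER
           + REFERENCE[43:] + b"FSECURE MUST DIE!!!!!!")

if __name__ == "__main__":
    print(triage(REFERENCE, SUSPECT))
```

difflib compares byte by byte and is slow on large inputs, so this suits small files such as individual application binaries.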
Spreading in
New_bases_and_crack_for_antiviruses.sis