Summary

Skudoo.B is a combination of several previous Skulls variants. Skudoo.B contains component files from Skulls.D and Skulls.N among other variants.

Skudoo.B also drops several Cabir variants on the phone and component files Doomboot.A trojan.

The Doomboot component dropped by Skudoo.B prevents phone from rebooting, so if your phone is infected with Skudoo.B, it is critical not to reboot the phone.

As Skudoo.B breaks the application manager and application installer, the only currently working method of disinfection works with phones that have removable memory card.

Additional Details

Spreading in SplinterCell-ChaosTheory_S60_cracked-XiMPDA.sis

Detection

Generic detection that detects Skudoo.B was published for F-Secure Mobile Anti-Virus on December 13th, 2004 in database build number 15.

Write-up: Jarno Niemela September 26th, 2005;