Summary
Skulls.F is an edited version of the Skulls.D SIS file trojan.
It contains several variants of the Cabir worm and several
copies of the Locknut.B trojan.
Skulls.F is still under analysis; detailed information will
be provided in the near future.
Spreading in
Simworks.SIS and WMAcodec.sis
Payload
Replaces built-in and third-party applications with non-functional ones, installs
Cabir worm variants and the Locknut.B trojan, and starts an animation that shows
a flashing skull picture.
Detection
Generic detection that detects Skulls.F was published for
F-Secure Mobile Anti-Virus on December 13th, 2004
in database build number 15.
Write-up:
Jarno Niemela March 22nd, 2005;
Description updated:
Jarno Niemela March 29th, 2005;