Thursday, February 16, 2006
 
SymbOS/Commwarrior.B found on Palm Treo 700W phone
Posted by Jarno @ 11:07 GMT

A couple of days ago we encountered an interesting case involving Commwarrior.B and a Palm Treo 700w smartphone.

We received a request for help from a person who was trying to figure out a case of a Commwarrior.B-infected Palm Treo 700w. As the Treo 700w is a Windows Mobile based device, and Commwarrior.B therefore cannot work on it, we found the case rather interesting.

When the user tried to sync the Treo 700w with a PC, the desktop Anti-Virus gave alerts about SymbOS/Commwarrior.B, and both the telecom and phone vendor support were at a loss to figure out what was going on.

When we started helping the customer figure out what was going on, it turned out that the customer really had Commwarrior.B on the phone. However, this was SymbOS/Commwarrior.B, not a new variant, and it was totally harmless on the device, with the exception of causing PC Anti-Virus alarms at sync.

The phone contained several SIS files with random filenames such as n0g5u00p7.sis, which means that the files were received over Bluetooth, as the MMS spreading uses the constant filename commw.sis.

It seems that the user of the Treo 700w had accepted Commwarrior.B Bluetooth transfer requests, and the phone had stored those files. Thus the phone was causing problems with PC sync.
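As an added example (not F-Secure's code), the filename reasoning above can be applied to a copy of the phone's storage to sort SIS files by how they most likely arrived. The header check (UID3 0x10000419 in the pre-Symbian 9 SIS format), the function names, and the rule that every name other than commw.sis counts as a Bluetooth arrival are assumptions; the script sorts files a scanner has already flagged and does not itself detect the worm.

```python
import struct
import tempfile
from pathlib import Path

# Pre-Symbian 9 SIS files start with four little-endian 32-bit UIDs;
# UID3 identifies the file as a SIS installer (assumption, not from the page).
LEGACY_SIS_UID3 = 0x10000419
MMS_FILENAME = "commw.sis"  # constant filename the page gives for MMS spreading


def is_legacy_sis(head: bytes) -> bool:
    """True if the first 16 bytes look like a pre-Symbian 9 SIS header."""
    if len(head) < 16:
        return False
    _uid1, _uid2, uid3, _checksum = struct.unpack_from("<4I", head)
    return uid3 == LEGACY_SIS_UID3


def classify(name: str, head: bytes) -> str:
    """Label a flagged file by its likely delivery vector, using the filename."""
    if not is_legacy_sis(head):
        return "not-sis"
    if name.lower() == MMS_FILENAME:
        return "mms"
    return "bluetooth"  # assumption: any other name is a random Bluetooth name


def triage(root: Path) -> dict:
    """Walk a copy of the device storage and label every real SIS file."""
    results = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            with path.open("rb") as fh:
                verdict = classify(path.name, fh.read(16))
            if verdict != "not-sis":
                results[str(path.relative_to(root))] = verdict
    return results


def demo() -> dict:
    """Run triage over constructed sample files (headers only, no payload)."""
    header = struct.pack("<4I", 0x12345678, 0x10003A12, LEGACY_SIS_UID3, 0)
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "n0g5u00p7.sis").write_bytes(header + b"\x00" * 32)
        (root / "commw.sis").write_bytes(header)
        (root / "notes.sis").write_bytes(b"plain text, wrong header")
        return triage(root)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:10} {name}")
```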

Actually, this is not the first time that we have had to help Palm users with malware that is harmless on their devices but still causes a nuisance at PC sync. I remember several cases where a Palm user has received an e-mail containing the Klez e-mail worm, and has then been unable to sync the Palm mail inbox with the PC.

In case there are more people with similar problems, we will include all Symbian Bluetooth and MMS worm detections in the Windows Mobile version of F-Secure Mobile Anti-Virus as well, so that cleanup will be easier on those devices, even though the Symbian worms are harmless on them.






