When the Drever SIS file is installed on the system, it tries to replace the bootloader files used by the Kaspersky, Simworks and F-Secure Symbian anti-virus products with corrupted versions. In addition to the bootloader files, Drever.C also installs corrupted binaries of F-Secure Mobile Anti-Virus and a corrupted licence file for Simworks Anti-Virus.
If the device has F-Secure Mobile Anti-Virus with updated databases, Drever.C will be detected before it can be installed. If the device does not have up-to-date databases, the installation will still fail, because the attempt to overwrite the F-Secure Anti-Virus files crashes the application installer, thus terminating the installation of Drever.C.
The files are corrupted by manually editing them and writing the text '123' into random locations in the files.
Some of the edited files contain strings intended as messages to AV vendors:
FSECURE MUST DIE!!!!!!
Please, don't make new antiviruses for my viruses and I stop make
viruses for your antiviruses. My target is Simworks!
Spreading in: New_bases_and_crack_for_antiviruses.sis