Tuesday, November 30, 2004
Back from the RF shielded lab with more detailed analysis of Skulls.B
Posted by Jarno @ 12:32 GMT

I just got back from the RF shielded lab that we use for analysing mobile malware that might use Bluetooth or some other radio link for spreading.

[Image: the RF shielded lab door. Video (AVI): the RF shielded lab door closing.]

In the lab, where I could safely analyse Skulls.B and the Cabir.B that it contains, I made an interesting discovery. Skulls.B installs Cabir.B wrongly in the system, so that while the files are functional, Cabir.B is not able to start automatically.

This means that just installing Skulls.B does not cause a Cabir.B outbreak in the local area; the user would have to manually start Cabir.B for it to activate and start spreading, which is still possible but much less likely.

