Read-only archive of the All About Symbian forum (2001–2013) · About this archive

"NOTES"\"PhoneBook" Sender

0 replies · 1,150 views · Started 01 December 2005

SymbOS PbSender.B
Description:

There is a slight change in PbStealer.B: besides stealing the user's Phone Book data, it will also steal the user's "NOTES" data, compile it into a text file and send it to targeted Bluetooth devices that are in online mode or in active discovery mode.

In the analysis process, it was shown that it is capable of running on older Symbian phones running version 6.1, such as the NOKIA 3650\3660\3620\7650\N-GAGE\QD etc.

Some users might store important data there, such as credit card numbers, ATM card PIN numbers, bank account PIN codes and private and confidential company or personal data.

Therefore, users should always avoid installing software from unknown sources onto the phone.

Affected Platforms:

Tested on:

- Nokia 6680
- Nokia 3660

Affected:

- Nokia 6680
- Nokia 3660

Analysis/Observation:

This trojan was distributed in an application file and it is spreading in PBEX_VIN.SIS.

Symptoms:
When the user tries to install this suspicious *.SIS file, the image shown below is a screenshot taken during the installation process:

User posted image

After installation completes, the application is set to run automatically and will display the following text:

________________
| Phone Book |
| Compacting |
| by: lajel 202u |
| |
| please wait... |
|________________|

User posted image

After the malicious process is done, it will pop up a message:

"Done!!!"

If the user presses [OK], the malicious program will end itself and, after some time, it will start searching for Bluetooth devices and send all phonebook information and the "NOTES" data in a text file via Bluetooth.

Propagation:

This malware works from the file generated at c:/System/mail/phonebook.txt and sends the compiled data via Bluetooth. Here are some images of user data being compiled into a text file:

User posted image
User posted image

Prevention:

This malware requires that the user intentionally install it on the device. As always, users should never install third-party applications from unknown sites or sources.

How to uninstall:

Use the latest version of the CalvinStinger Symbian Viruses Disinfection Tool, or just manually disinfect the phone by uninstalling it in the application manager.

Virus found by and analysis report written up by CALVIN on 28th November 2005
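
A triage check built only from the two indicators named in this write-up (the installer PBEX_VIN.SIS and the staging file c:/System/mail/phonebook.txt), as an added example that is not part of the original post. It assumes the phone's C: drive has been copied into a local directory; `scan_dump`, `build_sample_dump` and the sample tree are hypothetical and constructed for illustration.

```python
import os
import tempfile

# Indicators taken from the write-up; nothing else is assumed about the trojan.
STAGING_FILE = "system/mail/phonebook.txt"  # c:/System/mail/phonebook.txt
INSTALLER_NAME = "pbex_vin.sis"             # PBEX_VIN.SIS


def scan_dump(root):
    """Walk an extracted copy of the phone's C: drive and return indicator hits.

    Symbian file names are case-insensitive, so comparisons are made on
    lower-cased, forward-slash paths relative to `root`.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/").lower()
            if rel == STAGING_FILE:
                hits.append(("staging-file", rel, os.path.getsize(full)))
            elif name.lower() == INSTALLER_NAME:
                hits.append(("installer", rel, os.path.getsize(full)))
    return sorted(hits)


def build_sample_dump(root):
    """Create a constructed sample tree (placeholder bytes, not real malware)."""
    sample = {
        "System/Mail/PhoneBook.TXT": b"constructed contact line\n",
        "Nokia/Installs/PBEX_VIN.sis": b"constructed placeholder",
        "Documents/shopping.txt": b"benign file\n",
    }
    for rel, data in sample.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as dump:
        build_sample_dump(dump)
        for kind, rel, size in scan_dump(dump):
            print(f"{kind:13} {rel} ({size} bytes)")
```

A hit on the staging file means contact or notes data may already have been compiled for sending, so treat anything stored in the phonebook or notes as exposed.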