Doomboot.A is a new Trojan horse that targets Symbian Series 60 devices. It presents itself as a cracked version of the game Doom 2 in order to tempt victims to download and install it. Doomboot.A drops corrupted system binaries into the c: drive. When the device is next rebooted, these corrupted files will be loaded instead of the correct ones, causing the phone to fail to boot correctly.
In addition to system binaries, Doomboot.A also drops the Commwarrior.B worm. This will start attempting to spread automatically using both Bluetooth and MMS simultaneously. Moreover, because of the use of Bluetooth, the phone will run out of battery in about 1 hour. If the phone does run out of power then, as a result of the corrupted files dropped by Doomboot.A, the user will be unable to reboot the device even when connected to the mains or using a fully charged battery.
Once an infected phone has been subject to a reboot attempt, the only known way to disinfect the phone is to carry out a hard reset of the device. Unfortunately, this will result in the loss of any data the user has stored on the phone as well as in the removal of Doomboot.A.
Installing Doomboot.A does not cause an icon to be added to the device application menu, and Commwarrior.B will not appear within the device's processes list. As a consequence, it may be very difficult for a user to identify that their device is infected.
This Trojan does not exploit any security vulnerabilities within the Symbian OS, relying instead on the device user actively overriding the security features of the OS. The user of the device must actively install the Trojan by accepting multiple prompts, including one that is clearly presented as a security warning.
Impact
Doomboot.A could lead to customer complaints resulting from receipt of unsolicited MMS messages issued from infected devices. For those customers who are infected, Commwarrior.B may generate MMS messages that result in additional charges on their bill.
If an infected device is rebooted, the Trojan could lead to revenue loss, as the reboot will fail and the customer will not be able to make any further use of their device until they have performed a hard reset. It is also likely that customers whose devices become infected with this malware may call their operator's customer services team for advice.
Furthermore, customers who carry out a hard reset of their device as a result of being infected will suffer the inconvenience of losing any data they may have stored on the device.
More Information
http://www.f-secure.com/v-descs/commwarrior_b.shtml
http://zdnet.de/security/infoportal/feed.htm?id=10
http://www.symbian.com/security/malware_advice.html