Commwarrior Explained

Fullname:Commwarrior
Alias:Symb/Comwar-A
Classification:Mobile phone virus
Type:Symbian Bluetooth Worm
Subtype:Nokia Series 60 infecter

Commwarrior is a Symbian Bluetooth worm that was the first to spread via Multimedia Messaging Service (MMS) and Bluetooth.[1] [2] The worm affects only the Nokia Series 60 software platform.

Infection

Commwarrior was particularly effective via the MMS vector it used to infect other phones. It appeared as though it had been sent from a source that was known to the victim, leading even security-conscious users to open the infected message.[3] Actually, the message was sent at random to a contact in the sender's address book. Once the message is opened, the virus attempts to install itself on the phone via a SIS file. As it runs, the worm is executed every time the phone is switched on.

A secondary method of infection is to create a malicious .SIS file on a compromised phone. Once per minute thereafter, the worm attempts to send this file to any phone that has Bluetooth enabled.[4]

Symptoms

According to Sophos, during installation the program has a one in six chance of displaying the following text:[1] "CommWarrior v1.0 (c) 2005 by e10d0r"

Notes and References

  1. Web site: Totally Geek :: Virus Source Code Database . August 13, 2012 . dead . https://web.archive.org/web/20061110144228/http://www.totallygeek.com/vscdb/index.php?a=s&p=0&vi=l&d=c&i=1155663024c7edb20165f74c8eaabb98924c9fff9b . November 10, 2006 .
  2. Web site: SymbOS.Commwarrior.I . https://web.archive.org/web/20061231184915/http://www.symantec.com/security_response/writeup.jsp?docid=2006-052510-4833-99 . dead . December 31, 2006 . Symantec . 2012-09-25.
  3. Web site: Commwarrior cell phone virus marches on - CNET News . News.cnet.com . 2012-09-25.
  4. Web site: SymbOS.Commwarrior.I Technical Details . https://web.archive.org/web/20150402122201/http://www.symantec.com/security_response/writeup.jsp?docid=2006-052510-4833-99&tabid=2 . dead . April 2, 2015 . Symantec . 2012-09-25.