SymbOS/PBsender.a!sis

Type: Trojan
SubType:
Discovery Date: 12/06/2005
Length:
Minimum DAT: 4644 (12/06/2005)
Updated DAT: 4732 (04/03/2006)
Minimum Engine: 5.1.00
Description Added: 12/06/2005
Description Modified: 10/19/2006 11:10 AM (PT)

Risk Assessment
Corporate User: Low
Home User: Low

Characteristics

SymbOS/PBSender.A is distributed in a SIS file named “pbexplorer.SIS”. The malware is run immediately on installation.

SymbOS/PBSender.A claims to be a Phonebook Explorer.

Figure 1 – SymbOS/PBSender.A claims to be a Phonebook Explorer.

SymbOS/PBSender.A displays a message on screen that the user's phonebook is being compacted. While this screen is displayed, the malware iterates through the entries in the user's phonebook and writes the information into a text file. The phonebook information is stored in “C:\SYSTEM\MAIL\PHONEBOOK.TXT”.

Figure 2 – Screen displayed while malware sends out phonebook information.

The malware then sends the text file to the nearest available Bluetooth capable device.

The text file includes the First Name, Last Name, Company, Job Title, Phone number, and Birthdate. Fields that are not filled in the phonebook will not be written to the file.

Symptoms

Method of Infection

Removal

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Variants

    N/A

Overview

SymbOS/PBSender.A is malware that sends a copy of the user's phonebook via Bluetooth to any nearby compatible device.

Aliases

  • SymbOS/PBsender.a!sis
