SymbOS/Beselo

Type: Virus
SubType: Worm
Discovery Date: 01/20/2008
Length: Varies
Minimum DAT: 5214 (01/23/2008)
Updated DAT: 5226 (02/08/2008)
Minimum Engine: 5.1.00
Description Added: 01/23/2008
Description Modified: 01/23/2008 5:34 AM (PT)
Risk Assessment (Corporate User): Low-Profiled
Risk Assessment (Home User): Low-Profiled

Characteristics

--- Update January 23, 2008 ---
The risk assessment of this threat was updated to Low-Profiled due to media attention.

To obtain an ED for this threat, please visit:

http://www.webimmune.net/extra/getextra.aspx

Symptoms

Method of Infection

SymbOS/Beselo is distributed in a SIS file named "beauty.jpg". Although the extension is that of an image file, the Installer will still recognize the file and attempt to install.

The malware also attempts to disguise itself as other types of media files, using the filenames “love.rm” and “sex.mp3”.
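
The extension/content mismatch described above can be caught by a filter that inspects file headers rather than names. The following is an added example, not part of the original description or any vendor's code; the SIS header UID values come from general knowledge of the Symbian SIS format (an assumption, since the description does not give them), and the sample bytes are constructed.

```python
import struct

# SIS container identifiers: general Symbian format knowledge (assumption),
# not values taken from the advisory.
SISX_UID1 = 0x10201A7A        # Symbian OS 9.x SIS: first little-endian 32-bit word
LEGACY_SIS_UID3 = 0x10000419  # pre-9.x SIS: third 32-bit word (offset 8)

# Leading bytes of the media types the worm's filenames claim to be.
MEDIA_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".mp3": (b"ID3", b"\xff\xfb", b"\xff\xfa", b"\xff\xf3", b"\xff\xf2"),
    ".rm": (b".RMF",),
}

def is_sis(data: bytes) -> bool:
    """True if the header carries either SIS generation's identifying UID."""
    if len(data) < 12:
        return False
    uid1, _uid2, uid3 = struct.unpack_from("<III", data, 0)
    return uid1 == SISX_UID1 or uid3 == LEGACY_SIS_UID3

def classify_attachment(filename: str, data: bytes) -> str:
    """Return 'disguised-sis', 'mismatch', 'ok' or 'unchecked'."""
    dot = filename.rfind(".")
    ext = filename[dot:].lower() if dot != -1 else ""
    if is_sis(data) and ext not in (".sis", ".sisx"):
        return "disguised-sis"   # installer package behind a non-installer name
    magics = MEDIA_MAGIC.get(ext)
    if magics is None:
        return "unchecked"       # extension outside this sketch's table
    return "ok" if data.startswith(magics) else "mismatch"

def constructed_samples():
    """Constructed headers for illustration; not bytes from a real sample."""
    legacy_sis = struct.pack("<III", 0x0BADF00D, 0x10003A12, 0x10000419) + bytes(16)
    sisx = struct.pack("<I", SISX_UID1) + bytes(24)
    jpeg = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01" + bytes(16)
    return {
        "beauty.jpg": legacy_sis,
        "love.rm": sisx,
        "sex.mp3": legacy_sis,
        "holiday.jpg": jpeg,
        "notes.jpg": b"plain text, not an image",
    }

if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        print(f"{name:12} {classify_attachment(name, blob)}")
```
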

SymbOS/Beselo attempts to propagate via MMS. It sends an MMS to each number in the phonebook. The malware attaches itself under the previously listed media file names. It will also send itself to other numbers belonging to subscribers of a mobile carrier in Asia.

SymbOS/Beselo sends MMS messages about every 2 minutes. If the GPRS connection is disabled, it will spread itself through Bluetooth.

SymbOS/Beselo will spread every minute over Bluetooth. The malware does not keep track of infected devices and continues to send itself via Bluetooth to nearby devices.

The malware tries to prevent deletion by copying itself to the memory card. SymbOS/Beselo copies an MDL file to the \System\Recogs\ directory in order to run on startup. If any of the malware's components (EXE, SIS, MDL) have been deleted, SymbOS/Beselo will restore them.

Removal

-

Variants

    N/A

Aliases

  • SymbOS/Beselo.A!worm (Fortinet)
