Maximize
Bookmark

VX Heaven

Library Collection Sources Engines Constructors Simulators Utilities Links Forum

Source code of computer viruses

Caribe - Worm for Epoc by vallez

Worm for Epoc

vallez
Show all viruses by this author

2004-00-00

Comments
Download caribe.zip (25044 bytes) or browse online

Released in 29A#8

Author's notes

About Caribe

Caribe is a worm for symbian operating system. The current compilation will work over series 60 phones. Currently:

Perhaps others

(see www.series60.com/products)

I have tested it on nokia ngage and nokia 7650 only, but it should work on all these devices.

Caribe was writted in c++. Symbian/nokia is giving us a complete sdk for developing applications for symbian op erating system.

Symbian could be a very extended operating system used in mobile phones in the future. Today is the more extended and in my opinion it could be more yet (M$ is fighting too for being into this market too).

Symbian is giving its api as c++ classes (i have not used the java sdk). Its offering lot of functions for managing all in the phone: calls, sms, mms, gprs, bluetooth,alarms,agend,..all you can do with your phone you can do programatically too.

This first release of caribe operates in this manner:

When the virus arrives a system its installed and (with some special options in the created autoinstallable packed) autorunned. In that moment the worm install itself in the system, in pseudohidden directories. In addition it sets necesary things for autostarting itself when the phone is restarted (its using a standart .mdl file. .mdl files are mime recognizors programs, but they are automaticly executed when the mobile starts, so it can be used for autoexecuting applications instead the real purpose of these files).

When a installation package (.sis files) is executed, all components are installed in the apropiated folders and the package file is destroyed. This characteristic forces caribe to generate the autoinstallation file that its containing itself each execution, for sending it.

The installation package contains three files:

The aplication: caribe.app(the application) + caribe.rsc(resources,necesary).

The recog: flo.mdl

In each execution:

  1. Caribe copy itself to apropiate directories.
  2. Caribe creates .sis file. Here there are some problems. While execution caribe cannot read its own .rsc file, but it can read its own .app file (i dont know why). So caribe.app contains raw bytes of .rsc in its own executable. .sis files are protected with a CRC16 so the creation of the package file is a few more difficult. The vx writes the .sis file header, all the inside files without compression, and later it update the header with apropiate offs, sizes and crc16.
  3. Caribe starts to searching phones with bluetooth activated. Bluetooth tecnology has a 10 meters of ratio for its communications, so the target should be in a 10 m ratio. Really this is not so difficult.I was doing some test (without sending the virus) and lot of ppl is going with its phone with bluetooth activated: restaurants, disco, trains,etc.. In that sites the worm would find lot of targets.
  4. When the worm finds a target it sends itself to the found remote. The target will receive a message with the same interface as when he received a sms or mms. When he tries to read the message (this message is going with the .sis file attached) the installation manager will be launched and it will ask if the user want to install it. Lot of users will not know nothing about phone viruses and they will push yes. They are customary to see these message from the installation manager when they are installing any application. In that moment the worm is executed and it will autoinstall itself in its directories. Note when a message is received (via bluetooth, mms...) with a .app or .exe attached, it will advise the user the message is dangerous and it doesnt let it to execute the attached file. For this reason caribe creates the .sis file and sends it, becoz when a .sis file is received the installation manager takes the control and it let you to install it, and really this is so dangerous or more than executing a aplication directly, becouse the .sis file let you set some parameters for autoexecuting a file inside it in the installation time ;D
  5. GoTo 3.

Note caribe has some small sleeping intervals that will not affect its propagation but it will be good for not being monopolistic with cpu.

Why bluetooth:

Well, i have written some code for managing mms and emails too. Since these phones you could send a email or a mms message with the .sis attached. I think this is not very good idea:

mms: Its easy to route over the agent searching phone numbers and sending them a mms message with the worm attached, but we have two problems:

-We dont know what type of phone are we sending the mms. We dont know if that phone is able to receive mms message or if it could execute the worm.

-We are spending the money of the phone.

email: we could send the worm to emails but the receiver should put the worm into the phone and install it by himself. (in addition we should connect internet with the phone, with its money spending too).

There is gprs tecnology too, but i dont know lot of much about this (but i think it could be interesting for worms spreading).

Bluetooh is free, and the receiver will be a apropiated target. The problem is bluetooth needs to have near the target (10 meters radio). Progagation scenaries will be trains,restaurants, etc...

And this is a description about this first release of this worm. I hope to improve it step by step.


By accessing, viewing, downloading or otherwise using this content you agree to be bound by the Terms of Use! vxer.org aka vx.netlux.org