Commwarrior

Commwarrior
Alias	Symb/Comwar-A
Type	Symbian Bluetooth Worm
Subtype	Nokia Series 60 infecter
Classification	Mobile phone virus

Commwarrior is a Symbian Bluetooth worm that was the first to spread via Multimedia Messaging Service (MMS) and Bluetooth.^[1][2] The worm affects only the Nokia Series 60 software platform.

Infection

Commwarrior was particularly effective via the MMS vector it used to infect other phones. It appeared as though it had been sent from a source that was known to the victim, leading even security-conscious users to open the infected message.^[3] Actually, the message was sent at random to a contact in the sender's address book.

Once the message is opened, the virus attempts to install itself on the phone via a SIS file. As it runs, the worm is executed every time the phone is switched on.^[1]

A secondary method of infection is to create a malicious .SIS file on a compromised phone. Once per minute thereafter, the worm attempts to send this file to any phone that has Bluetooth enabled.^[4]

Symptoms

According to Sophos, during installation the program has a one in six chance of displaying the following text:^[1] "CommWarrior v1.0 (c) 2005 by e10d0r"

References

1. https://web.archive.org/web/20061110144228/http://www.totallygeek.com/vscdb/index.php?a=s&p=0&vi=l&d=c&i=1155663024c7edb20165f74c8eaabb98924c9fff9b. Archived from the original on November 10, 2006. Retrieved August 13, 2012. {{cite web}}: Missing or empty |title= (help); Unknown parameter |deadurl= ignored (|url-status= suggested) (help)
2. "SymbOS.Commwarrior.I". Symantec. Retrieved 2012-09-25.
3. "Commwarrior cell phone virus marches on - CNET News". News.cnet.com. Retrieved 2012-09-25.
4. "SymbOS.Commwarrior.I Technical Details". Symantec. Retrieved 2012-09-25.