Where to Buy Trend Micro Products

For Home

For Small Business

1-888-762-8736
(M-F 8:00am-5:00pm CST)

For Enterprise

1-877-218-7353
(M-F 8:00am-5:00pm CST)

Not in the United States?
Select the country/language of your choice:

Asia Pacific Region

Europe

The Americas

Not in the United States?
Select the country/language of your choice:

Asia/Pacific

Europe

America

Login

For Home

For Business

For Partners

Threat Encyclopedia

SYMBOS_CARDTRP.A

Malware type: Symbian

Aliases: Trojan.SymbOS.Cardtrap.a (Kaspersky), SymbOS/MultiDropper.b!sis (McAfee), SymbOS.Cardtrp.A (Symantec), SYMBOS/Cardtrp.A (Avira), Troj/Cardtrp-A (Sophos),

In the wild: Yes

Destructive: Yes

Language: English

Platform: Symbian OS Series 60

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

High

Distribution potential:

Low

Description: 

This Symbian malware affects mobile devices running on Symbian operating system with the Series 60 Platform user interface. Some of the affected phone models are the following:

  • Nokia 3600
  • Nokia 3620
  • Nokia 3650
  • Nokia 3660
  • Nokia 6600
  • Nokia 6620
  • Nokia 7610
  • Nokia 7650
  • Nokia N-Gage
  • Panasonic X700
  • Sendo X
  • Siemens SX1

Upon installation, this malware drops several files in the affected mobile device's memory card. These files include the following malware:

It also overwrites normal applications installed on the affected mobile device with malformed copies, thus preventing the said applications from working properly.

Moreover, this malware drops an autorun file in the affected memory card, which attempts to execute BKDR_BERBEW.A on a system once the card is inserted into it. Thus, this malware not only affects mobile devices, it is also capable of compromising target machines.

For additional information about this threat, see:

Description created: Sep. 21, 2005 12:50:20 PM GMT -0800


TECHNICAL DETAILS


File type: EPOC

Memory resident:  No

Size of malware: 168,784 Bytes

Initial samples received on: Sep 21, 2005

Related toBKDR_BERBEW.A, SYMBOS_CABIR.A, WORM_WUKILL.B

Payload 1: Drops other malware

Payload 2: Overwrites applications with malformed copies

Details:

This Symbian malware affects mobile devices running on Symbian operating system with the Series 60 Platform user interface. Some of the affected phone models are the following:

  • Nokia 3600
  • Nokia 3620
  • Nokia 3650
  • Nokia 3660
  • Nokia 6600
  • Nokia 6620
  • Nokia 7610
  • Nokia 7650
  • Nokia N-Gage
  • Panasonic X700
  • Sendo X
  • Siemens SX1

Upon installation, this malware drops the following files in the affected mobile device's memory card:

  • autorun.inf - an autorun file that attempts to execute FSB.EXE once the affected memory card is inserted into a machine
  • buburuz.ICO - a normal icon file
  • CARIBE.SIS - detected by Trend Micro as SYMBOS_CABIR.A
  • fsb.exe - detected as BKDR_BERBEW.A
  • SYSTEM.exe - detected as WORM_WUKILL.B

This malware also overwrites normal applications installed on the affected mobile device with malformed copies, thus preventing the said applications from working properly.

This malware drops an autorun file in the affected memory card, which attempts to execute BKDR_BERBEW.A on a system once the card is inserted into it. Thus, this malware not only affects mobile devices, it is also capable of compromising target machines.

Analysis By: Alvin Jethro Calderon Bacani


SOLUTION


Minimum scan engine version needed: 7.000

Pattern file needed: 2.854.01

Pattern release date: Sep 21, 2005


Important note: The "Minimum scan engine" refers to the earliest Trend Micro scan engine version guaranteed to detect this threat. However, Trend Micro strongly recommends that you update to the latest version in order to get comprehensive protection. Download the latest scan engine here.

Solution:

Note: To fully remove all associated malware, perform the clean solutions for the following:

TREND MICRO MOBILE SECURITY SOLUTION

Trend Micro has released an integrated solution for mobile devices, which provides automatic, real-time scanning to protect wireless devices against malicious code and viruses on the Web or hidden inside files.

Download the latest Trend Micro Security Solution from this site.

Running Trend Micro Antivirus

Perform the following solution if you have recently transferred files from your Series 60 phone to your computer. If you are currently running on safe mode, please restart your system normally before performing the following solution.

Scan your system with Trend Micro antivirus and delete files detected as SYMBOS_CARDTRP.A. To do this, Trend Micro customers must download the latest virus pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro's online virus scanner.




Trend Micro offers best-of-breed antivirus and content-security solutions for your corporate network, small and medium business, mobile device or home PC.

Featured Stories

Connect with us on