Threat Encyclopedia



Size of malware: 15,092 Bytes

Initial samples received on: Jun 15, 2004


Arrival and Installation

This proof-of-concept worm spreads through BLUETOOTH-enabled devices.

When it arrives, a series of messages appear. These messages warn the user of the possible malicious nature of the file before finally being installed:

Receive message via Bluetooth from Bluetooth device?

Install only if you trust provider.

Install caribe?

Options: Install, View certificate, View details

Once installed and active, it can be viewed from the list of applications:

Caribe in menu

If the user cancels the installation, it enters the device's inbox:

1 new message

Bluetooth: CARIBE.SIS

It arrives as a .SIS file and installs itself in the APPS folder.


(Note: The EPOC operating system uses files with a SIS extension to allow easy installation of applications.)

It then creates the following files:

  • %System drive%:\system\apps\caribe\
  • %System drive%:\system\apps\caribe\flo.mdl
  • %System drive%:\system\apps\caribe\caribe.rsc


(Note: %System drive% is the default system drive, which is usually drive C.)

It also creates the following files upon installation:

  • C:\System\RECOGS\FLO.MDL




Product/Platform Compatibility

This worm affects mobile devices running the Symbian operating system with the Series 60 Platform user interface.

(Note: The Series 60 Platform is licensed by various mobile phone manufacturers including LG Electronics, Lenovo, Nokia, Panasonic, Samsung, Sendo and Siemens.)

Some Series 60 devices are as follows:

Phones based on Nokia Series 60 Developer Platform 2.0:

  • Nokia 7610
  • Nokia 6620
  • Nokia 6600
  • Panasonic X700

Phones based on Nokia Series 60 Developer Platform 1.0:

  • Nokia 7650
  • Nokia 3650, 3600
  • Nokia 3660, 3620
  • Nokia N-Gage
  • Siemens SX1
  • Sendo X

Analysis by: Michael Lactaotao

Revision History:

First pattern file version: 2.361.00
First pattern file release date: Jun 15, 2004


Minimum scan engine version needed: 6.810

Pattern file needed: 8.333.00

Pattern release date: Aug 4, 2011

Important note: The "Minimum scan engine" refers to the earliest Trend Micro scan engine version guaranteed to detect this threat. However, Trend Micro strongly recommends that you update to the latest version in order to get comprehensive protection. Download the latest scan engine here.


Trend Micro Mobile Security Solution

Trend Micro has released an integrated solution for mobile devices, which provides automatic, real-time scanning to protect wireless devices against malicious code and viruses on the Web or hidden inside files.

Download the latest Trend Micro Security Solution from this site.

Terminating the Malware Program

  1. Choose the malware file from the list of applications.

    Choose malware file.

  2. Choose Cancel to terminate the process.

    Exit caribe?

  3. Delete the following files using the file manager:

Deleting Malware Files

  1. Download a file manager into the affected device.
  2. Delete the following files using the file manager:
    %System drive%:\system\apps\caribe\
    %System drive%:\system\apps\caribe\flo.mdl
    %System drive%:\system\apps\caribe\caribe.rsc

(Note: %System drive% is the default system drive, which is usually drive C. Also, if you were not able to delete the malware files, as described in the previous procedure, restart your device.)

Trend Micro offers best-of-breed antivirus and content-security solutions for your corporate network, small and medium business, mobile device or home PC.

Featured Stories

Connect with us on