Weekly report on viruses and intrusions – Cabir, StartPage.FH, Downloader.HC and Argen
This week’s report will focus on Cabir, the first worm capable of spreading through mobile phones, two Trojans (StartPage.FH and Downloader.HC) and a joke called Argen.
Cabir starts a new era in IT security, as it is the first worm capable of spreading through mobile phones. It affects devices running the Symbian operating system, which is used in many phones manufactured by companies like Nokia, Siemens and Sony Ericsson.
Cabir spreads in a file called Caribe.sis, which is automatically installed on the system when the user accepts the transfer. When it is launched, it displays the following message on screen: Caribe. Then it starts a constant search for other phones that are also connected using Bluetooth technology. This constant searching significantly reduces the phone’s battery life.
The two Trojans in today’s report are StartPage.FH and Downloader.HC. In order to reach the affected computer, they need the attacker’s intervention. They can spread through many different means of transmission (floppy disks, CD-ROMs, e-mail messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.).
StartPage.FH changes the home page of Internet Explorer. It also shows false messages on screen warning the user that the computer is infected by different spyware and adware programs. It does this to trick the user into accessing certain web pages. When these pages are accessed, messages are displayed on screen asking for permission to install other malware or programs like eAcceleration and eAnthology. As long as the computer is affected by StartPage.FH, the original home page cannot be restored.
Downloader.HC downloads onto the affected computer the adware that Panda Software detects as Lop, which adds a toolbar to Internet Explorer. Downloader.HC also modifies the home page and several search options of Internet Explorer and adds several links to the Favorites folder. Occasionally, when the user closes the browser window, it displays advertisements.
We are going to finish this week’s report with Argen, a joke that displays several windows on screen as it opens the CD-ROM drive. When the user clicks on the ‘OK’ button, the CD-ROM drive closes. Once Argen is run, the user will not be able to use the computer until its actions have finished.