View Full Version : **WARNING!!!** Skulls (Symbian Virus)
momagic
20-11-2004, 09:50 PM
source aivanet posted by xeni
Skulls is a malicious SIS file that will replace the system applications with non-functional versions, so that all but the phone functionality will be disabled.
The Skulls SIS file is named "Extended theme.SIS", it claims to be theme manager for Nokia 7610 smart phone, written by "Tee-222".
If Skulls is installed it will cause all application icons to be replaced with picture of skull and cross bones, and the icons don't refer to the actual applications any more so none of the Phone System applications will be able to start.
This basically means that if Skulls is installed only the calling from the phone and answering calls works. All functions which need some system application, such as SMS and MMS messaging, web browsing and camera no longer function.
If you have installed Skulls, the most important thing is not to reboot the phone and follow the disinfection instruction in this description.
Disinfection
If you have installed F-Secure Anti-Virus but have not yet received database update
1. Open Applications menu
2. Click F-Secure Anti-Virus
3. Select update Anti-Virus from options
4. Scan your device to remove malicious AIF files
5. Go to application manager
6. Uninstall "Extended theme.sis"
If you have not rebooted the phone after installing "Extended theme.sis"
Currently the only known method of uninstall works if you have some third party file manager installed into your phone.
1. Go to c:\System\apps\appinst and delete Appinst.aif and AppInst.app
2. Open the applications menu
3. Look for web browser, its icon should still be normal
4. Open http://mobile.f-secure.com
5. Download F-Secure Mobile Anti-Virus for your device
6. Install F-Secure Mobile Anti-Virus
7. Scan your device to remove malicious AIF files
8. Go to application manager
9. Uninstall "Extended theme.sis"
Referrer link: http://www.f-secure.com/v-descs/skulls.shtml
smpballa240
21-11-2004, 05:36 AM
more info here
http://www.mobilemag.com/content/100/103/C3430/
this isn't just a proof of concept cabir type virus. This thing phuks ur symbian over completely. Be on the look out and don't accept strange files.
RiisE
21-11-2004, 07:05 AM
Hi momagic,
Will this virus be sent by Bluetooth as the "Cabir" virus is, or must it be sent by somebody?
AzN_dude_69
21-11-2004, 09:00 AM
It doesn't get spread by bt but by the file "extended themes.sis". It is suspected to be made by the Animated Skeleton Community United Liberation League, "We Make No Bones About Freedom" as quoted when phone is infected.
Here's a screenshot of it:
http://img98.exs.cx/img98/3853/skull_trojan.jpg
Pou_pee
21-11-2004, 09:51 AM
Hi just wanna let you all know that a file named "rainbow6.as.symbos.eng.zip" found it from usual place does contain this virus. (to be specific the file called "T2 RS3AS.sis")
Luckily I checked using unMakeSis before I install (the screenshots and the file size can't be match) :-D
Stitch19
21-11-2004, 10:32 AM
Hi just wanna let you all know that a file named "rainbow6.as.symbos.eng.zip" found it from usual place does contain this virus. (to be specific the file called "T2 RS3AS.sis")
Luckily I checked using unMakeSis before I install (the screenshots and the file size can't be match) :-D
Hey please i need this virus cause i want to test it on my 6600...Please could you tell me a link or could you send it on my e-mail: <no send mes>
Please do not tell to find it on irc because i do not now anything about irc !!!
?????????????????????????????????????????????????????????????????????????
tzeonn
21-11-2004, 01:55 PM
no send mes stitch.
and i stickied this thread to remind the symbian community of this.
this guy is banned from #aivanet
I-n-v-i-s-i-o-n Nick: Tee-222
> Address: [email protected] Unknown
> Name: Tee-222
> Channels: #*********
> Server: irc.mzima.net, Welcome to the fjear nation.
i saw him today coming there
momagic
21-11-2004, 06:34 PM
so this virus can delete things in your z: drive? :S damn this is dangerous!
momagic
21-11-2004, 06:35 PM
so this virus can delete things in your z: drive? :S damn this is dangerous! but if you can do that, think about the possibilities!
real_inn
21-11-2004, 06:55 PM
so this virus can delete things in your z: drive? :S damn this is dangerous! but if you can do that, think about the possibilities!
Really it can damage the files from Z drive also??
AMazing never thot of ir :p
hheheheh..
thanx a lot, momagic.. I am always impressed by u :)
shad0w
22-11-2004, 12:10 AM
what a marketing strategy...the only solution they came up with was to download their app... :roll:
and i don't think that it can damage the Z drive, Z drive is Read Only, and could only be accessed when flashed.
think it only installs menu icons (in a form of a skull) in the C or E drive with a diff uid thus making the apps not work. AIF files are the icons.
this virus just acts like the sysizonz (developed by twolf and mikept) but with AIF files using diff UIDs.
imo, formatting using *#7370# or *,3 and call buttons would do no harm as they are actually accessing the Z drive which is still intact.
tzeonn
22-11-2004, 01:53 PM
i doubt u can modify Z: with soft.
imagine flashing ur phone with bluetooth.
momagic
22-11-2004, 08:45 PM
The Symbian OS has a feature that..... If a file is put in the C: with the exact same location and name as one in the ROM, it will overwrite the one in the ROM. This is how Skulls works... This in itself is a bad thing... A *very* bad one. but is a good thing if you don't have a flasher cable because you can change the ROM without it now.
:-? ??????????? :-?
http://www.aivanet.com/posting.php?mode=quote&p=9532
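A pre-install check built on the mechanism described in the post above, as an added example that is not from the thread or from F-Secure: given the target paths listed in a package, it flags any that land at the same location and name as a file in the ROM. Both path lists are constructed sample data, and the `!:` install-time drive placeholder is an assumption about how the package listing is written.

```python
import ntpath

# Constructed sample data: a ROM file list and the install targets of one package.
ROM_FILES = [
    r"z:\System\Apps\AppInst\AppInst.app",
    r"z:\System\Apps\AppInst\AppInst.aif",
    r"z:\System\Apps\Menu\Menu.app",
    r"z:\System\Apps\Menu\Menu.aif",
]
PACKAGE_TARGETS = [
    r"!:\system\apps\AppInst\Appinst.aif",    # "!:" = drive chosen at install (assumed)
    r"c:\System\Apps\Menu\Menu.app",
    "C:/system/apps/menu/./Menu.aif",         # odd separators, same location
    r"c:\System\Apps\ExtTheme\ExtTheme.app",  # new app, nothing in ROM at this path
    r"c:\Nokia\Images\skull.jpg",
]

def split_drive(path):
    """Return (drive letter, normalized lower-case path without the drive)."""
    p = path.replace("/", "\\").lower()
    drive, rest = "", p
    if len(p) >= 2 and p[1] == ":":
        drive, rest = p[0], p[2:]
    return drive, ntpath.normpath(rest)

def find_rom_collisions(targets, rom_files):
    """List (target, rom_path) pairs where a non-ROM target matches a ROM path."""
    rom_index = {}
    for rom_path in rom_files:
        _, rest = split_drive(rom_path)
        rom_index[rest] = rom_path
    hits = []
    for target in targets:
        drive, rest = split_drive(target)
        if drive == "z":
            continue  # Z: is read-only according to the thread, so skip it
        if rest in rom_index:
            hits.append((target, rom_index[rest]))
    return hits

def verdict(targets, rom_files):
    """'reject' if an .app/.aif target collides with a ROM file, else 'review' or 'ok'."""
    hits = find_rom_collisions(targets, rom_files)
    if any(t.lower().endswith((".app", ".aif")) for t, _ in hits):
        return "reject"
    return "review" if hits else "ok"

if __name__ == "__main__":
    for target, rom_path in find_rom_collisions(PACKAGE_TARGETS, ROM_FILES):
        print(f"{target} collides with {rom_path}")
    print("verdict:", verdict(PACKAGE_TARGETS, ROM_FILES))
```
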
farsh2002
22-11-2004, 09:06 PM
I can't understand for what they make viruses?!?!
Better make "good" (Applications, games...)
:evil: :evil: :evil:
smpballa240
28-11-2004, 08:54 AM
Please note that the Skulls "virus" isn't a virus at all:
It can't self-spread, so it's not a virus. It's just a malicious program that anyone can rename to anything. So now even downloading and installing "ETIcamcorder_cracked_by_GEN69.SIS" for instance can actually be the skulls program. Be careful.
But the worst part of this is what it means. Cabir proved that a self-spreading virus can be made for symbian that spreads through bluetooth. Skulls proved that a program can be made to completely ruin someone's phone, including the firmware drive. And I'm sure it wouldn't be hard to make a virus similar to cabir that spread itself through MMS or GPRS to everyone on your contacts list/e-mail list the instant you connect to the network.
The unfortunate truth is it's a realistic possibility that someone could make a virus exactly like that skulls virus that is self spreading through bluetooth, MMS, or even GPRS e-mail. Blows, don't it? Smartphone viruses could turn out to be a helluvalot worse than regular computer viruses. Phones have so many ways of connecting with each other, and anti-virus software would take up precious space, memory, and processor power. Those bastards.
v7e6j5
28-11-2004, 09:10 AM
A new Internet Trojan-type virus is turning some Nokia smartphones into plain old dumb phones, the BBC reported Tuesday.
Dubbed "Skulls," the malicious code was spread by Web sites that offer phone users downloads of wallpaper, games, and ring tones.
It targets the Nokia model 7610 phones using Symbian software. Once in the phone, the program replaces all the icons on the main page with skulls and replaces all the working applications, such as contacts, calendar, notebook with non-working versions so the phone becomes almost useless.
The only things the phone can do is old fashioned -- make and receive calls.
The Finnish anti-virus lab F-Secure said it had produced guidance for users to help them remove the program and get their phones working again.
norton..!!! the Hp markets is calling upon ur name.....LOL
smpballa240
30-11-2004, 10:36 PM
http://www.mobilemag.com/content/100/103/C3455/
As I predicted in the skulls info sticky thread, a version of skulls has been created which has the ability to spread in a manner similar to the cabir worm. Now the Skulls virus (and it is truly a virus now) can be spread via bluetooth.
Remember, a virus can be renamed anything. Even "geopod_droboy_crack.SIS" can be the Skulls virus. Accept NO unintended or unsuspected files, especially over bluetooth. If infected, see the SKULLS sticky thread for links which will instruct you as to how to fix your phone.
Cykke
30-11-2004, 10:45 PM
It's just a clone of cabir and skulls...
Nothing serious
Only morons will install everything that gets to them
http://www.mobilemag.com/content/100/103/C3455/
As I predicted in the skulls info sticky thread, a version of skulls has been created which has the ability to spread in a manner similar to the cabir worm. Now the Skulls virus (and it is truly a virus now) can be spread via bluetooth.
Remember, a virus can be renamed anything. Even "geopod_droboy_crack.SIS" can be the Skulls virus. Accept NO unintended or unsuspected files, especially over bluetooth. If infected, see the SKULLS sticky thread for links which will instruct you as to how to fix your phone.
this was a post in this thread
http://nokiafree.org/forums/showthread.php?threadid=70742
i just added his post here to avoid duplicated threads.
BR
Pou_pee
02-12-2004, 02:01 PM
Will this do any harm to S60 OS6.1 too (since it has no theme) :-?
smpballa240
02-12-2004, 10:08 PM
Cykke, imagine this scenario:
You're on IRC tryin to find MGS cobra attack. You find a file named "MGS_cobra_attack.SIS" on someone's server. You download it and install it on the phone. You quit the installation only to find that your phone's menu is full of skulls. Oh shit. Moreover, let's say you're in a college dorm and the guy next door has a shiny new 6630. He receives a file from you and knows you, so he installs it. Congratulations, you both just got it up the arse from this "not serious" virus.
Pou_pee, the virus is aimed at the 7610. However I would imagine that in a phone without themes it would still mess up the phone. It may not change the icons, but given that Symbian programs are so interchangeable, I would imagine it would still fulfill enough of its purpose. It's just like a virus that runs on Windows 98. It will still run on Windows 98 SE or even XP. The types of file structures and basic OS is still the same from version to version in both Symbian and Windows.
smpballa240, imagine this scenario:
u r young and an old faggot gives u a nice lolipop to suck, telling
you that he will become his friend. will u suck it?no
get apps that u know which ppl serve them, download unmakesis.exe
to test your wa-re-z
Cykke
02-12-2004, 11:13 PM
I agree with jojo...
If you know that you are installing cracked apps, first check what's inside .sis file, and then install it.
I always do it, and there hasn't been a single problem
smpballa240
03-12-2004, 04:08 AM
You're right, so long as the person downloading knows what he or she doing and knows to whom and where to go. I was only trying to illustrate the point that the common person who stumbles across some symbian app online isn't gonna know the difference.
Most people ARE morons cykke, and morons do stupid things (like download strange files and accept arbitrary BT messages). My point is that with the exception of people like us who know what we're doing, the virus is serious. It's even more significant since a self-installing virus is a small step away.
jojo; a person with common sense like you or myself wouldn't, but a naive little kid (or in this instance someone new to symbian) would have a lollipop in his mouth and a faggot in his rear by the day's end.
Will this do any harm to S60 OS6.1 too (since it has no theme) :-?
AIF and APP files are the ones that will be copied on the phone...
so all SYMBIAN phone that use these files will be infected ;)
AzN_dude_69
03-12-2004, 06:31 AM
Just don't install 'Extended theme.SIS', and also keep your bluetooth off while u aren't using ur fone cos it can spread and it also kills ur battery life. Doing these will keep u safe!
Cykke
03-12-2004, 11:13 AM
@smpballa240
You know what, if someone buys Symbian phone because its new, classy, and it cost much, but doesn't use it, except for calls and messages, he deserves everything that virus does...
But I still can't believe how many people are like this.
This is the same problem why PC viruses spread so quickly. In my whole computer history (over 10 years with PC, palm, wm, epoc, macOS) I had never had any problems with malware
smpballa240
03-12-2004, 11:43 PM
cykke, take azn dude exemplo grato (as a good example). No offense azn, but you're a perfect example of someone who could easily be taken advantage of. How hard do you honestly think it would be to rename "Extended_Theme.SIS" to "MGSplatform.SIS?" It's not as simple as not downloading extended themes. Azn there are programs named "Britney Spears - Slave for You.MP3" that, when run in your media player, turn out to be viruses. They have an mp3 icon and all. Try it yourself. Rename any program or music file to .doc and all of a sudden your comp thinks it's a word document.
Cykke I totally agree with you. People should know what they're doing. Same here on the malware. I run spybot, ad-aware, norton anti-virus, all that good stuff. Zone Alarm firewall and windows SP2 doesn't hurt either. But I'm fine with people handing money to Nokia cause they made a bad choice and got a more extravagant phone than was needed.
Cykke
05-12-2004, 01:47 PM
Yes, but I check every .sis file, and open every .app file to see its contents...
So, there can't be mistakes in my case...
GeeZuZz
05-12-2004, 08:50 PM
Does this virus really exist? I'm pretty sure that this virus comes from F-secure, and is just fake.
If someone has the virus, please send me a PM/email, or post here.
all info could find on this virus:
http://securityresponse.symantec.com/avcenter/venc/data/symbos.skulls.html
http://www.gizmodo.com/index.php
http://www.antivirus-online.de/english/feedfsecure.php
http://www.disklabs.com/nz/cabir.asp
about the virus, would be cool if someone posted it here ;)
it is on symantec, so it sure exists
but has anyone got it?
http://securityresponse.symantec.com/avcenter/venc/data/symbos.skulls.html
Cykke
05-12-2004, 10:06 PM
It exists... I have it, and I have tried it on my cell phone...
GeeZuZz
06-12-2004, 03:49 AM
Ok, then it exists, but still i'm pretty sure F-secure is the creator.
Why would anyone buy F-secure's anti-virus, if no virus existed? Btw, the virus was released not very long after F-secure announced their new symbian anti-virus. Coincidence?
smpballa240
06-12-2004, 04:37 AM
geezuzz i could imagine the same conspiracy but it just ain't how it is. F-secure made their anti-virus software AFTER cabir came out. They didn't just arbitrarily make an anti-virus program when no viruses were out for symbian.
I saw on some website there's some group actually named the skulls who make viruses. It might be theirs. Whoever's it is, touche.
bugless
06-12-2004, 02:10 PM
cykke did you install the malware? did a hard reboot fix everything? i'm sure it did, and i am sure all you guys have all your apps backed up on your computers, so all a virus can do to us is inconvenience us for a day.
Cykke
06-12-2004, 05:30 PM
I have tested all symbian malware...
Skulls are the biggest problem because if you don't have explorer installed, the only way to get rid of it is to reformat the phone.
Concerning F-Secure. They are definitely not creators of any symbian malware, especially not Skulls. Skulls have been made by one guy that I know, and they were made because he hates several people on one symbian forum. ;)
Well, its not hard to make a removal kit for malware that you can remove yourself with explorer, but Skulls are problem, because you can do only basic things. F-Secure, or any other AV company, still don't have AV software for Skulls.
I don't know why do u blame F-Secure for making of Cabir, when they give you free Cabir removal kit.
What's the point of making AV software when there in no virus present!? F-Secure AV was released about two weeks after the cabir has been released by vallez from A29 VX group.
So think about it, before you write stupid thing like that...
firstly this address (http://mobile.f-secure.com) did not let me download the application so can you suggest me another way
secondly how can i find viruses
i searched both mediaplace and aivanet
no result
Cykke
07-12-2004, 02:51 PM
There is nothing wrong with download site, so its problem in your computer or you...
You won't find malware on IRC, it has been removed. Search the google, you might get lucky :razz:
jef_ryan
22-12-2004, 02:07 AM
i have a nokia 3650,and what happen is i think i download an application,and installed it in my phone,after i reboot the phone,the menu key are not working,and when i try to make a text message,only number mode can be used,i cannot used the alpha numeric mode..i need help guys,i dont want to lose my files,or if i have no choice,just fix my multi media card,because when i take off my multi media card,it works fine..i dont know how to explain that,,hope for your kind response thank you..
Ok, then it exists, but still i'm pretty sure F-secure is the creator.
Why would anyone buy F-secure's anti-virus, if no virus existed? Btw, the virus was released not very long after F-secure announced their new symbian anti-virus. Coincidence?
i consider 80% agreed with you...if not how they earn more $...
if i put in my business shoes, and stand in their side...i'll do the same.
tzeonn
25-12-2004, 12:26 PM
i have a nokia 3650,and what happen is i think i download an application,and installed it in my phone,after i reboot the phone,the menu key are not working,and when i try to make a text message,only number mode can be used,i cannot used the alpha numeric mode..i need help guys,i dont want to lose my files,or if i have no choice,just fix my multi media card,because when i take off my multi media card,it works fine..i dont know how to explain that,,hope for your kind response thank you..
not a virus, just some app u installed, perhaps wild skinz?
try using a file explorer, find and delete a file called system.ini, then restart. if that doesnt work, format phone with *#7370#.
NightWeb
30-03-2005, 07:51 AM
Did anybody manage to get the virus?
If you did can you send it my way
tzeonn
31-03-2005, 08:37 PM
eh, no send mes allowed, read rules! :mad:
sbm251
04-05-2005, 06:05 PM
one thing i was wondering: what happens if you ain't got a file browser and you install it after the skulls show? won't the skull program make that a skull as well, and you won't be able to install it as well because all the apps don't work? just wondering