R&D Project Report On Mobile Worms, Viruses and Threats By Mitesh M. Khapra (06305016) And Nirav S. Uchat (06305906) under the guidance of Prof. Bernard L. Menezes K.R.School of Information Technology, Indian Institute of Technology, Bombay Mumbai 1 Table of Contents Chapter 1: Introduction to Mobile worms, viruses and threats. ............................................................ 8 1.1. Reality Bites .......................................................................................................................................... 8 1.2. The past, the present and the future!! ................................................................................................. 9 Chapter 2: An Introduction to Symbian .................................................................................................. 11 2.1. Introduction ........................................................................................................................................ 11 2.2. Hardware and Software Issues ........................................................................................................... 11 2.2.1. Some hard facts about the hardware ............................................................................................ 11 2.2.2. Being soft on the hardware ........................................................................................................... 12 2.2.3. Not just a Smartphone .................................................................................................................. 13 2.3. Symbian File System ........................................................................................................................... 13 2.3.1. Some important directories .......................................................................................................... 14 2.4. Symbian Executables .......................................................................................................................... 16 2.5. Symbian APIs ...................................................................................................................................... 16 2.6. Installing applications on Symbian phones ........................................................................................ 17 2.7. Summary ............................................................................................................................................ 18 Chapter 3: Dissecting Symbian SIS Files ................................................................................................. 19 3.1. Introduction ........................................................................................................................................ 19 3.2. SIS Files Format (v7.0, v8.0 and v8.1) ................................................................................................. 19 3.2.1. File Header .................................................................................................................................... 20 3.2.2. File Records ................................................................................................................................... 21 3.3. Hacking in to a Malware Writer’s Mind: ............................................................................................ 23 3.3.1. Case 1: Construct a SIS file programmatically. .............................................................................. 23 3.3.2. Case 2: Embed a malicious SIS file in an existing trusted SIS file. .................................................. 24 3.4. SIS Files Format (v9.1) ........................................................................................................................ 25 3.4.1. Two‐part structure ........................................................................................................................ 26 3.4.2. Symbian Signed ............................................................................................................................. 26 3.5. A Challenge to malware writers ......................................................................................................... 29 3.5.1. Challenge 1: Construct a SIS file programmatically ....................................................................... 29 3.5.2. Challenge 2: Embed a malicious SIS file in an existing trusted SIS file. ......................................... 29 3.6. Summary ............................................................................................................................................ 30 Chapter 4: Cabir – An Analysis ................................................................................................................ 31 4.1. Introduction ........................................................................................................................................ 31 4.2. The message from the dark side! ....................................................................................................... 31 4.3. And the credit goes to… ..................................................................................................................... 31 4.4. Modus Operandi ................................................................................................................................. 32 4.5. The chosen ones ................................................................................................................................. 33 4.6. Behind the scenes ............................................................................................................................... 33 2 4.6.1. Structure and some important files .............................................................................................. 33 4.6.2. Painting the town blue ‐ CARIBEBT.cpp/.h .................................................................................... 35 4.6.3. Install, copy and auto‐start‐ CARIBEINSTALLER.cpp/.h ................................................................. 38 4.7. Summary ............................................................................................................................................ 46 Chapter 5: CommWarrior – An Analysis ................................................................................................. 48 5.1. Introduction ........................................................................................................................................ 48 5.2. The message from the dark side! ....................................................................................................... 48 5.3. And the credit goes to… ..................................................................................................................... 48 5.4. Modus Operandi ................................................................................................................................. 48 5.4.1. Propagation via Bluetooth ............................................................................................................. 49 5.4.2. Propagation via MMS .................................................................................................................... 49 5.5. The chosen ones ................................................................................................................................. 50 5.6. Behind the scenes ............................................................................................................................... 50 5.6.1. Structure and some important files .............................................................................................. 51 5.6.2. Painting the town blue ‐ CommWarriorBT.cpp/.h ........................................................................ 52 5.6.3. Install, copy and auto‐start ‐ CommWarriorInstaller.cpp/.h ......................................................... 52 5.6.4. A message for you ‐ CommWarriorMMS.cpp/.h ........................................................................... 52 5.7. Summary ............................................................................................................................................ 55 Chapter 6: Skuller – An Analysis ............................................................................................................. 56 6.1. Introduction ........................................................................................................................................ 56 6.2. And the credit goes to… ..................................................................................................................... 56 6.3. Modus Operandi ................................................................................................................................. 56 6.4. The chosen ones ................................................................................................................................. 57 6.5. Behind the scenes ............................................................................................................................... 57 6.5.1. Structure and some important files .............................................................................................. 58 6.6. Summary ............................................................................................................................................ 59 Chapter 7: Taxonomy of mobile worms and viruses ............................................................................