This post was last updated on June 12th, 2020 at 10:31 am
Although Nokia Symbian phones such as s^3, anna, belle will witness little or no virus invasion it is only very important to enlighten all Symbian users who still use the older versions of the Symbian os such as s60, s60v3, s60v5 about Nokia Symbian phones virus and measures to safeguard vulnerable devices.
What is Mobile Phone Virus
A mobile phone virus is an electronic virus that targets mobile phones or wireless-enabled PDAs. As wireless phone and PDA networks become more numerous and more complex, it has become more difficult to secure them against electronic attacks in the form of viruses or other malicious software (also known as malware).
Brief History of Mobile Phone Virus
The first instance of a mobile virus occurred in June 2004 when it was discovered that a company called Ojam had engineered an anti-piracy Trojan virus in older versions of their mobile phone game
About Nokia Symbian Phones Virus: Detailed Explanation
Target: Symbian cell phones type 60
Spreading via: Bluetooth
The damage: slows down the cell phone
Cabir is the first and most popular Symbian virus today. Cabir is a worm that spread via Bluetooth connection. It also enters the message inbox with interesting names. If you open those sys file and install them,
Cabir will start to search for another target cell phone that has an open-access Bluetooth connection to spread. Cabir is also known as SymbOS/ Cabir.A, EPOC/Cabir.A, Worm.Symbian.Cabir.a, or Caribe virus.
The variant spreads with additional characters behind it name, like Cabir.Z, a variant from Cabir B and it spreads using velasco.sis system. The Cabir will activate the BlueTooth periodically, around 15-20 minutes once, to get another phone targets. No dangerous damage, but if your cell phone infected, the battery will be spent faster because it’s used to search another BlueTooth connection. To prevent it, disable your BlueTooth feature. Activate only if you want to use it. Don’t install Symbian application with name caribe.sis or another strange name.
Founded: November 2004
Target: Symbian cell phones
Spreading via: Internet
The damage: the cell phones can’t be used anymore except to call and receive calls only.
About the “Skull” Symbian Virus
Another dangerous virus is SymbOS.skulls. Firstly, this Trojan named as Extended “theme.sis”, but today “skulls.sis” is a more famous name used for this virus. This Trojan type damages the system and causing the menu icons changed to become skull icons. Skull C, H, and S variant will change almost all icons in your
cell phone menu. When installed, Skull H opened a notification message: Install beta_092_free-sms-RM8 and Skull S displaying a message Install BlueNum Stealer, and some other strange message. Commonly when the infected application is clicked then an error message will be displayed. Not only could it change the
icons, but “Skull” can also damage all applications that its icon has been changed.
Founded: January 2005
Target: Symbian Cell phones Version 60
Spreading via: BlueTooth and MMS
The damage: Sending viruses replication via MMS to all contacts in the phonebook, spending pulse.
Attacking Pattern of CommWarrior Symbian Virus
Commwarrior is categorized in the worm virus family. This worm spreads via Bluetooth, MMS, and memory
card exchange with a random name xxx.sis. The attack type of this virus varies, but the most common
is the virus will spread via BlueTooth.
Some variants of this virus also will send random MMS to contacts in the phonebook. Commwarrior have many aliases names (you can imagine the wanted criminal have many fake names). F-Secure know it as
Commwarrior, McAfee know it as SymbOS/Commwarrior, Trend Micro knows it as SYMBOS_COMWAR.
The last known variant is Commwarrior T. Commwarrior T and Q only infect Symbian ver.8.1 or
This virus will sporadically spread and sometimes opens an HTML page in your cell phones with the message: Introduction Surprise! Your phone infected by CommWarrior worm v3.0. Matrix has you, CommWarrior
inside. No panic please, it is very interesting to have a mobile virus on your own phone. This worm does not bring any harm to your phone and your significant data.
About CommWarrior worm for Nokia Series60 provides automatic real-time protection against harmful
Anti-Virus content. CommWarrior is free software and is distributed in the hope that it will be useful,
without any warranty. Thank you for using CommWarrior. CommWarrior 2005-2006 by e10d0r.
Founded: march 2005
Target: Symbian ver.60
Spreading via: Internet download
The possible damage: Crashing cell phone system (ROM), cell phone can’t be functioned, spreading viruses to other cell phones.
Locknut Attack Method
Locknut is a Trojan virus that uses the backdoor in the Symbian S60 system.
This virus is dangerous because it can change the binary in the cell phone’s ROM system, and causes the phone’s operating system to stop and crash.
Infected Symbian phones have some characteristics that will display messages like this: App Closed, AppArcServerTh, read, etc.
More than that, this virus has an additional virus like “Cabir virus” that will be installed if the Locknut infects your phones.
Locknut E, one of the variant will damage important files in your Symbian system and caused the infected applications can not be opened.
This way effectively will cause your phones totally locked.
Fontal Symbian Virus
Founded: April 2005
Target: Symbian phones ver.60
Spreading via: Internet download
The possible damage: Locking the cell phone in the startup module caused the cell phones can’t be used.
Especially Relevant: Download and Install Collections of Major Fonts For Nokia Symbian Phones
RommWar Symbian Virus
SymbOS/RommWar (the name by Symantec antivirus) is a kind of Trojan virus.
This virus will put a small application in cell phones.
The virus can cause the following damages: hanging, the phones will restart itself, or the power switch will not function.
This virus is a .sis extension Symbian application, the names could be varied. It can be very deceptive to make it enticing and develop your interest in installing it,
for example; theme.sis, xxx.sis, Britney_sis, etc. When the installation process is running, the screen will display a message like this:
“Install Stopper by WarriorMarrior Today the SymbOS/”
RommWar has many variants, but the 4 most famous of its variants are:
RommWar A will use the MIME recognizer to give its effects. The infected cell phones will hang and have to be restart, and it will happen over and over even after restarted many times.
- RommWar B
This second variant will restart the cell phones and prevent you to run the booting.
- RommWar C Same as above, this variant will prevent you to turn on your cell phones.
- RommWar D
This new variant causes various damages, like cell phones, can not be turned on, or the power button not functioning.
The miracle is, SymbOS RommWar installation sometimes comes from imperfect Kaspersky Anti- Virus Mobile installation.
The complete name is “SymbOS.Doomboot“, or SYMBOS_DOOMED. Although the spreads are not as fast as computer viruses, the effect will cause serious damages. Doomboot is a Trojan virus type. Many variants have been founded, like Doomboot A, C, L, M, G, and P.
Doomboot A makes the files corrupted, and after infecting, it will place another virus like CommWarrior.
B into your cell phones. The corrupted files will prevent you to run rebooting. SymbOS.Doomboot.A for
an example will duplicate the name like installation file for cr4ked Doom2 game.
Commonly the file name is
Doom_2_wad_cr4ked_by_ DFT_S60_v.1.0.sis. Doomboot C will infect with other names, like
“exoVirusStopv2.13.19” ,seems like an antivirus program. If it is installed, you will see a technical message, but after success installed you won’t see any sign or new icon. Sooner you’ll find that your phone battery will be spent faster because it will automatically run the BlueTooth connection to infects other cell phones.
The same method is used by Cabir virus. The virus will prevent you to do booting when you have turned the cell phone off. If you have succeeded in a reboot, you’ll need to hard- reset your cell phone. Your data, like contact number and photos, will be lost.
CardTrap The first cell phone virus is built to attacks Windows-based computers. It will put 2 viruses files into the cell phone card memory.
So many variants have been found, like CardTrap P, Q, R, S until double alphabets like CardTrap AA, AG, AJ, and soon.
Commonly, CardTrap emulates/replicate games application name or famous application name like Kingkong, Half-Life, Battlefield 2, etc. CardTrap Z, for example, duplicates the name SeleQ 1.7 cr4ked
TNT.sis. Cardtrap damaging the system by turning off some important Symbian built-in application.
The specialty of this virus is that it could damage some antivirus applications. Sooner if there is a chance to
connect to the computer, CardTrap will plant itself into the Windows-based PC and spreads itself. Some variant could damage the keypad function and the third-party application, and spreads these corrupted
files into the memory card and causing system chaos.
A cell phone virus that some people say comes from Indonesia. PB Stealer has an aliases name,
SymbOS/PBstealer, a Trojan that collects contacts number in the phonebook and saves it in the txt file.
PBstealer will send the text file to other cell phones via Bluetooth connection.
You can imagine how important contacts in your phonebook could be exploited and used for criminal purposes.
PBStealer D, one of PBStealer variants could compile and send the file containing contact numbers, database at once.
To spread itself, PBStealer send 2 sis extension file via Bluetooth connection, ChattingYuk.sis and
PBCompressor.sis. AppDisabler Like Doombot, AppDisabler places another virus like Locknut B and Cabir Y to your cell phone. Sometimes it places Skulls J into the system and changing the icons became skulls icon.
The most dangerous is, this virus will stop operation system performance and some third-party applications.