Know~Your~Mobile~Virus 11
The Fake Calvin Stinger...
Recently a fella from Indonesia has created a large number of mobile malware samples whose malicious behaviour is the same as that of the Cardtrap family, that is, malware that spreads from phone to PC.
It is noticeable that the work of Steven (the malware creator) has not changed much: most of it is just repacked stuff that uses the "skull" technique to replace functional files with non-functional ones. The main difference that caught the attention of anti-virus firms is that most of his new stuff contains a new batch file assigned to execute its malicious act.
Steven is trying to fool innocent users by using the name "CALVIN STINGER Anti Virus 2.0" in his batch file, which tries to delete important system files on the C drive, causing the computer to fail to reboot next time.
Well, Steven's stuff is very lame and grandpa-style: it uses the DOS commands that our "Grandpa Hackers" used to attack computer systems in the very early days. Shame on him, because he doesn't realize that his batch file is quite a kiddie script that brings "Jokes and Humour" to our anti-virus firm.
Affected Platforms:
Tested on:
· Nokia 6680
· Nokia 3660
Affected:
· Nokia 6680
· Nokia 3660
Analysis/Observation:
This trojan is distributed in an application file and is spreading in BattleField 2 - GAMELOFT.SIS.
Symptoms:
When a user tries to install this suspicious *.SIS file, the image shown below is a screenshot taken during the installation process:
Payload:
The payload disables a large number of third-party applications and also some ROM applications: the malware tries to overwrite ROM files and replaces functional files with non-functional ones.
Method of Infection in PC
Tested Platform: Windows XP SP2
Users should be aware of the *.exe files that this malware drops onto the media card. The author is trying to install those *.exe files, which contain a malicious batch file that tries to delete important system files on the C drive.
When the user executes the *.exe file, it triggers the batch file, and a Command Window pops up and identifies itself as "CALVIN STINGER AntiVirus2.0".
If the user presses any key to continue, it deletes important data files on the C drive, which causes the computer to fail to reboot next time.
After deleting those important data files, it will show a message
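The behaviour described above (an anti-virus banner, a keypress prompt, then deletes aimed at the C drive) can be turned into a simple triage check for batch scripts pulled off a media card. This is an added example, not code from the original post; the function name, the patterns and the constructed sample script are assumptions, and it expects the batch text to have already been extracted from the *.exe in an analysis environment.

```python
import re

# Commands that remove files/directories or strip protective attributes.
DESTRUCTIVE = re.compile(r'^\s*@?(del|erase|rd|rmdir|deltree|attrib)\b(.*)$', re.I)
# Anything on the C drive, or a path built from a system location variable.
SYSTEM_TARGET = re.compile(r'\bc:|%(systemroot|windir|systemdrive)%', re.I)
# Lines that put text in front of the user (console output or window title).
BANNER = re.compile(r'^\s*@?(echo|title)\s+(.*)$', re.I)
AV_WORDS = re.compile(r'anti\s*-?\s*virus', re.I)
PAUSE = re.compile(r'^\s*@?pause\b', re.I)


def triage_batch(text):
    """Return findings (with 1-based line numbers) for one batch script."""
    findings = {"av_banner": [], "keypress_prompt": False, "system_deletes": []}
    for n, line in enumerate(text.splitlines(), 1):
        banner = BANNER.match(line)
        if banner and AV_WORDS.search(banner.group(2)):
            findings["av_banner"].append(n)
        if PAUSE.match(line):
            findings["keypress_prompt"] = True
        cmd = DESTRUCTIVE.match(line)
        if cmd and SYSTEM_TARGET.search(cmd.group(2)):
            findings["system_deletes"].append(n)
    # A script that poses as anti-virus AND deletes from C: is worth an alert.
    findings["suspicious"] = bool(findings["av_banner"] and findings["system_deletes"])
    return findings


# Constructed sample (not the real batch file; the target path is a placeholder).
SAMPLE = r"""@echo off
title CALVIN STINGER Anti Virus 2.0
echo Press any key to start scanning...
pause
del /f /q C:\EXAMPLE-SYSTEM-FILE.SYS
echo Done.
"""

if __name__ == "__main__":
    print(triage_batch(SAMPLE))
```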
Prevention:
This malware requires that the user intentionally install it on the device. As always, users should never install third-party applications from unknown sites.
Well, CalvinStinger has only been released once and does not have any updated version yet. Users should be wary of downloading CalvinStinger from an unknown site, because it might be a FAKE one or might contain malicious code.
Users should be reminded that the ORIGINAL CalvinStinger for Symbian OS phones can ONLY be safely downloaded at SF and SX.
McAfee anti-virus has added detection for this "kiddie stuff", and it will be detected as Bat/Kads.dr. The same goes for other anti-virus vendors too; please update your anti-virus definitions to ensure you're protected from this malware, although it's grandpa old-time malware.
How to uninstall:
McAfee Virus Scan, TrendMicro Anti-Virus, Symantec Mobile Security and F-Secure Anti-Virus should be able to detect it, provided your anti-virus software has the latest definitions for this malware, which will be available in the next few days.