NEWS FROM THE LAB - Wednesday, March 8, 2006

Spanish translation of Commwarrior.B Posted by Jarno @ 08:42 GMT

Yesterday we received a quite interesting sample, a hexedited version of Commwarrior.B that has all texts translated to Spanish.


Modifying samples with hexeditor is not anything new, we have seen that a lot with the Cabir family, and most of the Cabir variants are modified variants of Cabir.B. In the industry lingo we call such malware authors "hexedit idiots".

The modified sample was already detected with F-Secure Mobile Anti-Virus using generic detection. We have named the sample SymbOS/Commwarrior.D and the exact detection was added into mobile database build 74.