Bluetooth Worm Squirms Through Symbian Phones

The SymbOS/Beselo family of worms is very similar to Commwarrior. In fact at first we actually misidentified Beselo.A as Commwarrior.Y. Like Commwarrior, Beselo worms spread via MMS and Bluetooth using social engineering to trick users into installing an incoming SIS application installation file.

But what makes Beselo interesting is that instead of a standard SIS extension the Beselo family uses common media file extensions. This leads the recipient believe that he is receiving a picture or sound file instead of Symbian application. He is then far more likely to answer "yes" to any questions the phone prompts after clicking on such an incoming file.

The filenames used by Beselo are beauty.jpg, sex.mp3, and love.rm.

However, just this use of a new social engineering trick was not enough to get more attention from us; we added Beselo.A as Commwarrior.Y back in December. But last Friday and over the weekend a friend working for a major telecom operator became interested in the extensions and did a bit of investigation into what was going on.