Doomboot is installed via Bluetooth and goes by the name "Doom_2_wad_cracked_by_DFT_S60_v1.0.sis", posing as a cracked version of Doom 2 for SymbOS. When installed, it writes corrupted binaries to the phone. This is hidden, as the virus also installs Commwarrior.B on the phone.
The binaries are listed as the following:
If the phone reboots, the corrupted binaries are loaded and the phone will fail to boot.
Commwarrior.B also tries to spread the infection further through Bluetooth. This drains the battery faster, so the phone quickly runs out of power. This is problematic because the phone will not boot again once its power runs out.
Like Skulls, this virus is one of the well-known SymbOS malware families, hence Doomboot has 26 different variants.
Doomboot.B (Variant 1)
Instead of installing Commwarrior, it installs an application that causes the phone to reboot. This is also problematic, as the phone will not boot again if this application is run. It goes by the name "Restart_20.sis".
Doomboot.B (Variant 2)
It also drops Cabir, MGDropper, and Skulls.L, and tries to corrupt applications on the phone.
Doomboot.C and Doomboot.Q (Variant 1)
It drops Cabir variants (original, F, G, M), Skulls.D, and Doomboot.A.
Doomboot.D, Doomboot.E, Doomboot.M, Doomboot.N, Doomboot.U
These variants either install the same files under different names or install additional non-malicious files, some of which corrupt phone applications. These variants usually do not come with Commwarrior.
Doomboot.E is named "Jennifer Lopez Theme++ by Dj Hardcore.sis".
Doomboot.M goes by the name "exoVirusStop v 2.13.16.sis" and displays a message after installation:
For Updates visit www.exosyphenstudio.com. If there is a virus re-boot your phone after disinfection
Doomboot.N is named "exoVirusStop v 1.69.90", attempts to install Cydog to a removable device, and displays a message after installation:
For Updates visit [http://]www.exosyphenstudio.com/[REMOVED]. If there is a virus re-boot your phone after disinfection.
Doomboot.U is named "Symbian Anti-Virus.sis". After installation it displays the message:
Symbian Anti-Virus Version 1.10 Copyright©2006 Symbian Ltd. * Phone Protection * Note: Restart Your Phone After installation complete.
Like Doomboot.E, it is named "Jennifer Lopez Theme++ by Dj Hardcore.sis". It also drops Skulls.D and Cabir.M and displays the following message after installation:
This Installation was created with KVT Symbian Installer. Get it free from: [www].kvtsoft.vze.com/[Removed] by Kheng Vandha ------------------ This Theme is a Special Edition, so the device need to be restarted! This theme is a new generationn of theme, Enjoy! Regards DFT!
It is named "Cowgirl Babe++ by Dj 6600.sis". When installed, it drops multiple copies of Commwarrior.A and Commwarrior.B alongside Fontal.A, and displays the following message after installation:
This Installation was created with KVT Symbian Installer. Get it free from: [www].kvtsoft.vze.com/[Removed] by Khang Vandha ------------------ This Theme is so good that you have to restart the device ;) A very hot theme by, DFT!
Doomboot.K (also known as Doomboot.R)
It goes by the name "F-secure Antivirus.sis".
It displays a message before installation:
Do you know this will help to maintain battery power put AntiVirus on battery against battery drainer virus Your Regards Ximplify
If installed, it tries to corrupt applications, drops Cabir, Cabir.B, Locknut.A, Skulls.C, changes the application icons to generic application icons, blanks out all the application names, and displays the following message:
App. closed AppArcServerThread
Doomboot.Q (Variant 2)
It is named "Symbian_DFT v1.0", corrupts the Application Manager, and displays a message after installation:
New Protection for Symbian Device created By Tomas DFT for Anti-files corrupt. ------------- Please Press OK And Restart Your Phone.
It is named "Security - Application.sis". If installed, it drops the following: Cardblock.A, Sendtool.A, Mos, Cabir, Mabir.A, Fontal.A, Blankfont.A, Pbstealer.A, Cabir.C, Commwarrior.A, and displays a message:
Security - Application For Series 60 Copyright © 2006 0ID500 Inc. All rights reserved *** 0ID500 TEAM ***
It is named "Leslie Loves.sis". After installation, it installs Commwarrior.I and displays the message:
File Uploading & Modified by [REMOVED].
It is named "restart 2.0.sis". When installed, it drops Skulls.A and displays the message:
enjoy! whith this software, you can restart your phone with press only a button.
It is named "Ximplify Battery Extender.sis". When installed, it drops Cabir, Cabir.B, MGDropper, and Locknut, and displays the message:
Do you know this will help to maintain battery power put AntiVirus on battery against battery drainer virus.
Your Regards [REMOVED]
It goes by the name "simworks 1.2.2.sis" and drops Cabir, Cabir.B, Blankfont.A, Cdropper.H, Commwarrior.A, and Commwarrior.B.