FANDOM


Skulls or Skulls.A is a SymbOS trojan that attempts to overwrite files, rendering them unusable. This is one of the only trojans that are on SymbOS.

PayloadEdit

This trojan are targeted against Symbian Series 60 devices, but can affect some other devices (though on some devices, the user will get a warning that the SIS file is not intended for the device) and spreads via bluetooth. When it is installed, it disables all built in phone applications and replaces their icon with a picture of a skull on the menu (except calling from the phone and answering calls). To remove it, the user's only option is to reset the phone back to factory defaults.

VariantsEdit

This trojan contains a whopping 22 variants.

Skulls.BEdit

This trojan undergoes the name "icons.sis". It does not show any message (except the security warning shown by the OS) and it replaces the icons to generic application icons instead of skulls.

Skulls.C, Skulls.K, Skulls.L, Skulls.SEdit

Skulls.C will try to scan for F-Secure Mobile Anti-Virus and corrupts its files so it goes undetected. The trojan drops a copy of Cabir.F, which does not execute unless the user runs its file.

Skulls.K installs Cabir.M instead and also contains the flashing Skull picture from Skulls.D.

Skulls.L undergoes the name being the same as the F-Secure Mobile Anti-Virus. It pretends to be a pirated version of it, and it displays the message after installation:

F-Secure Antivirus protect you against the virus. And don`t forget to update this! 

Skulls.C and K undergoes the name of "skull.sis", making it easy to know its the trojan. It does not show any message when installed. Its payload is the same as Skulls.A, but it also changes the names of all files to "Skulls".

Skulls.S installs Cabir.F multiple times.

Skulls.D, Skulls.G, Skulls.N, Skulls.OEdit

It pretends to be Adobe Flash for SymbOS, but drops Cabir.M and many other applications, and tries to disable third party file managers and corrupts files of F-Secure Mobile Anti-Virus. Most of the programs installed will run on reboot. Its second payload is that it displays an animation of flashing Skull picture on background and will be like that for everything.

Skulls.N also tries to corrupt the built-in file manager alongside some third party ones.

Skulls.O is the same as Skulls.N, but also installs Fontal.A and Commwarrior.B. The Fontal file seems to do no damage.

Skulls.EEdit

This trojan is completely different, undergoing a name of "ThNdRbRd !.sis", making it easy to know its a virus. If installed, it corrupts the built-in File Manager and third party ones also, and drops Cabir.F.

Skulls.F, Skulls.H, Skulls.IEdit

These trojans, like the A variant, disables all built in applications. However, instead of replacing the picture on the menu, it hangs the phone with a full screen, very creepy skull picture. Once again, the only way to remove it is by hard formatting the phone back to factory defaults.

It also installs Cabir variants and Locknut.B.

Skulls.JEdit

It corrupts files of F-Secure Mobile Anti-Virus, drops Appdisabler.A, and displays a flashing Skull picture but unlike other variants it does not contain startup code for the animation due to it being prevented from working by Locknut.B which is also dropped by Appdisabler.A.

Skulls.MEdit

Its payload is the same as Skulls.C's infecting and renaming, but changes the names of all files to "Khalid" instead.

Skulls.P and Skulls.QEdit

Skulls.P undergoes the name of "Doom_v1.5_with_Sound_MMC__by_NewLC.sis". It is one of the most damaging variants of the virus, Skulls.P has components of Skulls.D and Skulls.N, alongside other variants before this virus. It also drops Mabir.A, several variants of Cabir, and component files from Fontal and Doomboot. The Doomboot component installs corrupted binaries and prevents the phone from booting at all if the phone is rebooted.

Skulls.Q is named "FireStorm_English_PATCH_by_SMPDA.sis" and is the same as Skulls.P, but it also drops Onehop.A, which cannot be executed.

Skulls.REdit

It is named "Excellent_Theme_2005.sis", and contains components of Skulls.A and Skulls.B, and it also drops Mabir.A.

Skulls.T, Skulls.U, Skulls.VEdit

Skulls.T undergoes as "Bluetoothextender.sis", also drops component files from Locknut.A, Doomboot.A, and installs Cabir.B, Cabir.M, Locknut.C, Commwarrior.C, and a pirated version of Simworks Anti-Virus.

Skulls.U and Skulls.V undergoes as "Ximplyfy Battery Extender.sis". They both install MGDropper.A instead of Commwarrior.C, and Skulls.V does not include Locknut.

VideosEdit

Skulls03:06

Skulls.A SymbOS Trojan

Skulls.C

Skulls02:59

Skulls.F SymbOS Trojan

Skulls.F

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.