Digital Edition

SYS-CON.TV
Cabir Virus Attempts to Jump from Phone to Phone Using Bluetooth
Cabir Virus Attempts to Jump from Phone to Phone Using Bluetooth

The "proof-of-concept worm" known variously as Worm.Symbian.Cabir.a, Cabir, and EPOC.Cabir replicates on Nokia Series 60 phones, says a security alert posted by Symantec yesterday.

The French unit of the Russian security software developer Kaspersky Labs said that that virus appears to have been developed by an international group called "29a" - based in the Czech Republic and Slovakia - which specializes in creating viruses that try to show that no technology is reliable and safe from their attacks.

"This worm repeatedly sends itself to the first Bluetooth-enabled device that it can find, regardless of the type of device. For example, even a Bluetooth-enabled printer will be attacked if it is within range," says the Symantec alert.

The worm spreads as a .SIS file, which is automatically installed into the APPS directory when the receiver accepts the transmission. When EPOC.Cabir is executed, it:

  • Displays a message, then copies itself to a directory on the phone. (This directory is not visible, by default.)
  • Runs from this directory when the phone is restarted, so that it continues to work even if the files are deleted from the APPS directory.

Once the worm is running, it will constantly search for Bluetooth-enabled devices, and send itself to the first device that it finds. There is no payload, apart from the vastly shortened battery life caused by the constant scanning for Bluetooth-enabled devices.

According to Reuters, Matias Impivaara, business manager for mobile security services at Finnish security software firm F-Secure, believes that mobile viruses will become more dangerous when they can spread without human intervention.

"The main [turning] point will be when the virus-writing community knows the software well enough...to find holes," Impivaara said, adding:"The information about the [Symbian] operating system is very close to the hands of the virus writers."

The Cabir worm could be a trigger to start developing these ideas earlier, he admitted.

In its threat assessment of Cabir, Symantec rates the virus as having low geographical distribution, easy threat containment, low damage, and moderate removal difficulty. For more information from Symantec about Cabir, see Symantec's Web site.  

About Security News Desk
SYS-CON's Security News desk trawls the world of security for news of software, hardware, products, and services that seems likely to be of interest to infosec professionals and summarizes them for easy assimilation by busy IT managers and staff.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

This virus isn''t a threat at all according to the related news article from Yahoo, but then again, people''s desire to create destructive viruses has been proven inevitable mostly at these times of technology advancement. Eventhough it''s not disastrous, be warned because this starts serious follow-ups. Do not receive items from an unknown source, it can or may damage your phone in the coming future of this Mobile viruses.

No.. that would make it a trojan.

The definition of a worm isn''t to do with whether or not it needs a user to run it - its just about whether it propgates via a network by itself rather than having users do the spreading.

A virus hides itself in other executables and runs itself via proxy with the user not realising it. But it gernerally requires the user to do the distribution (generally without realising it).

A trojan is simply a program which is malicous but pretends to be something else. If it happens to spread itself when run that doesn''t make it a worm or a virus, but just a self spreading trojan. It would be closer to a trojan-slash-worm than a virus.

In simple terms, if it cannot infect a system without the user''s help, it isn''t a worm it''s a virus.

what distinguishes a worm from a virus? "Mobile worms" just sound so loathsome...

Sooo...Symbian smartphones are insecure

and contrary to Microsoft powered cell phones they can easily catch a virus (worm). Why would you like to buy an insecure cell phone? Don''t buy it! Don't buy Symbian cell phones!

I firmly believe that a virus that spreads via phone to computer or vice versa is technically possible. Now (maybe...) just around the corner undoubtably....

I occasionally study virus/worm source code (or hex!) when AV cleanup guides seem unclear. Technically I''m often impressed by the talent and intelligence demostrated by some of these guys (and girls, sorry Gigabyte :) but feel sad at what I see as misguided output of some amazing coding talent. More than anything I feel sad because I remember people that have been hurt by their creations, e.g:

I once had to tell someone working as an admin in a hospital that she had just lost 3 years of her hard work on 5 1/4''s floppies (this is before harddisks/AV were common!) due to stoned virus. Believe me she cried a lot. Experiences like that stay with you and that''s just one of what has now been too many experiences. So I offer no proof because I have no wish to help give ideas or speed the progression of something I don''t want to see, even though VXrs and many other people know it will be evitable :(




ADS BY GOOGLE
Subscribe to the World's Most Powerful Newsletters

ADS BY GOOGLE

The explosion of new web/cloud/IoT-based applications and the data they generate are transforming ou...
CI/CD is conceptually straightforward, yet often technically intricate to implement since it require...
Containers and Kubernetes allow for code portability across on-premise VMs, bare metal, or multiple ...
Enterprises are striving to become digital businesses for differentiated innovation and customer-cen...
Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence. As au...
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't com...
The now mainstream platform changes stemming from the first Internet boom brought many changes but d...
DXWorldEXPO LLC announced today that All in Mobile, a mobile app development company from Poland, wi...
DXWorldEXPO LLC announced today that Ed Featherston has been named the "Tech Chair" of "FinTechEXPO ...
Chris Matthieu is the President & CEO of Computes, inc. He brings 30 years of experience in developm...
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: D...
Andi Mann, Chief Technology Advocate at Splunk, is an accomplished digital business executive with e...
In this presentation, you will learn first hand what works and what doesn't while architecting and d...
The Internet of Things is clearly many things: data collection and analytics, wearables, Smart Grids...
To Really Work for Enterprises, MultiCloud Adoption Requires Far Better and Inclusive Cloud Monitori...
We are seeing a major migration of enterprises applications to the cloud. As cloud and business use ...
If your cloud deployment is on AWS with predictable workloads, Reserved Instances (RIs) can provide ...
Disruption, Innovation, Artificial Intelligence and Machine Learning, Leadership and Management hear...
We build IoT infrastructure products - when you have to integrate different devices, different syste...
Consumer-driven contracts are an essential part of a mature microservice testing portfolio enabling ...