Posted on 15-Jun-2004 20:41.
Filed under: News
Kaspersky Labs claims to have detected a worm called Cabir, the first of its kind to propagate via mobile networks. It infects telephones running Symbian OS. So far, Cabir does not seem to have caused any security incidents.
It seems that the worm was created by a virus writer going under the name of Vallez. This pseudonym is used by 29a, an international group of virus writers. The group specialises in creating proof-of-concept viruses. Among the group's creations are Cap, the first macro virus to cause a global epidemic; Stream, the first virus for additional NTFS streams; Donut, the first virus for .NET and Rugrat, the first Win64 virus.
Preliminary analysis of the malicious code shows that that Cabir is transmitted as an SIS file (a Symbian distribution file), but the file is disguised as Caribe Security Manager utility, part of the telephone security software. If the infected file is launched, the telephone screen will display the inscription "Caribe". The worm penetrates the system and will then be activated each time the phone is started. Cabir scans for all accessible phones using Bluetooth technology, and sends a copy of itself to the first one found. Interesting is that a user will have to accept and install the file, so it's not completely "stealth". But we all know users open infected e-mails on laptops and desktops, why not on mobile phones?
The company says that analysis of the worm's code has not so far detected any malicious payload. The worm is coded to run under Symbian OS, used in many Nokia telephones. However, it is possible that Cabir will function on handsets produced by other manufacturers.