CABIR: THE FIRST MOBILE PHONE WORMS
MANILA, July 3, 2004 (STAR) By Gadjo Cardenas Sevilla - Ushering in a new era of paranoia for mobile phone users, the Cabir worm emerged last week, targeting smartphones running the popular Symbian Series 60 operating system. Fortunately, the Cabir worm is generally harmless although it proves that trojans, worms and other forms of malware (malicious software) can be propagated through cellphones that are far more ubiquitous than PCs. Currently, high-end smartphones from Nokia, Sony Ericsson, Siemens and Panasonic run on the Series 60 platform.
The French unit of the Russian security software developer Kaspersky Labs said the virus – called Cabir – appears to have been developed by an international group specializing in creating viruses in their bid to show "that no technology is reliable and safe from their attacks."
The Cabir worm, which transfers between phones via Bluetooth, operates this way: it claims to be a security file, and once the user installs it, the file simply displays the word "Caribe" on the screen.
This worm repeatedly sends itself to the first Bluetooth-enabled device that it can find, regardless of the type of device. For example, even a Bluetooth-enabled printer will be attacked if it is within range. The worm spreads as a .SIS file, which is installed into the Apps directory.
There is no payload, apart from the vastly shortened battery life caused by the constant scanning for Bluetooth-enabled devices.
Bluetooth is known to reduce the battery life of devices when it is enabled; it should generally be kept shut off unless an authorized file transfer is taking place. Many users are unaware that their Bluetooth settings are on from the time they purchase their new phones.
The underground Czech and Slovakian virus programmers wrote the worm to prove how vulnerable cellphones are. Although it is harmless, Caribe does open doors for more malignant and potentially damaging viruses – and yes, creates opportunities for anti-virus makers to enter a new market.
Four or five years ago when Palm and Pocket PC PDAs (personal digital assistants) were becoming popular, there were speculations about portable viruses floating around. Antivirus companies jumped on the bandwagon and sold a fair number of antivirus programs for PDAs although no major viruses ever hit the platform.
With mobile phones becoming increasingly smarter and more connected, the dangers of virus propagation are imminent.
The worry is that more dangerous worms are bound to follow soon – for instance, a virus that could leap on its own from computers to phones, or one that could trigger phones to make calls or send pre-programmed text or picture messages without their owners being aware of it. More unnerving is the possibility of viruses or worms that siphon the contents of phones such as address books and other information.
The Cabir or Caribe worm can reach only mobile phones that support Bluetooth, have Bluetooth switched on, and are in discoverable mode. Bluetooth is considered by many to be a breakthrough WAN (wireless area network) technology that can enable wireless connections and file transfers between PCs, mobile phones, PDAs, printers and other devices. Bluetooth-enabled devices are more expensive than non-Bluetooth ones because of the promise of peripheral connectivity.
Lately, the weaknesses of Bluetooth have been exposed by such activities as "bluejacking" where prank messages are sent at random to unsuspecting but "visible" Bluetooth-enabled devices.
Reported by: Sol Jose Vanzi
© Copyright, 2004
by PHILIPPINE HEADLINE NEWS ONLINE
All rights reserved
PHILIPPINE HEADLINE NEWS ONLINE [PHNO] WEBSITE