Two new Cabir mobile phone worms spotted
Worm source code may have been released on the Internet
IDG News Service - Two new versions of a computer virus that affects mobile phones were discovered yesterday, with new features that allow them to spread more quickly among vulnerable devices, an antivirus company reported.
Cabir.H and Cabir.I are the latest versions of a worm that was first identified in June and affect Symbian Ltd. mobile phones. There are no reported infections from the new worms.
Like the original Cabir worm, dubbed Cabir.A, the new Cabir variants spread among mobile phones using a specially formatted Symbian operating system distribution (or SIS) file disguised as a security management utility. When the infected file is launched, the mobile phone's screen displays the word Caribe, and the worm modifies the Symbian operating system so that Cabir is started each time the phone is turned on.
Infected mobile phones scan for vulnerable phones using a Bluetooth wireless connection and then send a file, velasco.sis, that contains the worm to those phones. While the new Cabir variants don't destroy data on the phones they infect, they block legitimate Bluetooth wireless connections and rapidly consume the phone's battery, antivirus firm F-Secure Corp. said.
Both new Cabir variants have been changed so that they can spread more quickly than earlier versions of the worm. For example, unlike earlier variants of Cabir, the Cabir.H and Cabir.I can search for and find a new target if another vulnerable phone goes out of range, Helsinki, Finland-based F-Secure said.
"In conditions where people move around and new phones come in contact with each other, the Cabir.H and Cabir.I can spread quite rapidly," the company said in a statement.
To be infected by Cabir, mobile phones must be running vulnerable versions of the Symbian Series 60 software and have the Bluetooth wireless feature in "discoverable" mode, making them open to new connections, F-Secure said.
F-Secure researchers are concerned about the similarity between the latest Cabir variants and the original worm code, which could indicate that the virus author has released the source code for the worm on the Internet.
"These new variants seem to be recompiled versions based on original Cabir source code. Which means that the Cabir source code is floating around in the underground. Which is bad news," the company said.
Other computer viruses that have had their source code published online, including the Bagle and Phatbot worms, quickly spawned hundreds of variants as less-sophisticated virus writers and malicious hackers modified the code and released their own version of the original worm.
F-Secure hasn't seen a copy of the Cabir code online. However, the pace of development for Cabir has accelerated in recent weeks,
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Why You Need a Next-Generation Firewall This white paper explores the reasons for implementing next-generation (NG) firewalls and lays out a path to success for overburdened IT organizations.
- Path Selection Infographic Path Selection Infographic
- Hyperconvergence Infographic A wide range of observers agree that data centers are now entering an era of "hyperconvergence" that will raise network traffic levels faster...
- Live Webcast Best Practices: How to Improve Business Continuity with Virtualization VMware solutions include a range of business continuity capabilities to help ensure availability for applications across your virtualized environment. Learn More>>
- Live Webcast
Transforming Finance, Procurement and Supply Chain Effectiveness with Cross-Functional Analytics
Date: May 6th, 2014
Time: 1 PM EDT
Attend this Webcast to find out how Oracle's packaged analytic applications enable line-of-business managers to examine all...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Malware and Vulnerabilities White Papers | Webcasts