The First Mobile Worm Cabir Proves a Point, but Causes No Serious Threat

Cabir, a Symbian OS worm discovered yesterday, has been confirmed to be the first real mobile phone virus. Symbian OS is an open operating system, which is used in data-enabled mobile phones of leading phone maunufacturers.

The Cabir worm runs in mobile phones that use the Symbian Series 60 user interface platform. The worm is packed in a Symbian installation file (.sis) and tries to spread further over Bluetooth. When installed in the phone, the worm activates automatically and starts looking for new devices that use Bluetooth. Once Bluetooth phones in discoverable mode are found, the worm tries to replicate by sending itself to them. The worm activates, if the user of the receiving phone chooses to accept and install the received file named caribe.sis, which contains the worm.

Although the worm does not cause any immediate threat to phone users, it clearly demonstrates the fact that technology to write viruses on mobile devices already exists and is also known to virus writers.

“No incidents of Cabir spreading have been reported so far, but this worm is nevertheless perfectly functional and able to spread if released in the wild”, Matias Impivaara, Business Manager, Mobile Security Services, at F-Secure explains. “If a person with an infected phone was walking through a city centre during the busiest afternoon jam, thousands of others could be infected. Even when we tested this worm, we had to do it in the company’s bomb shelter in order to prevent the worm from connecting to other Bluetooth phones and spreading”, he continues.

Mobile malware incidents cause end user support load, terminal downtime, negative customer experience, slow service adoption, and bad publicity. The possibility of virus threats on mobile devices is increasing constantly when more advanced handheld devices are introduced to the market. Also unintentional harmful content and vulnerabilities in mobile devices are causing more and more problems.

The emerging mobile virus threat calls for new measures from both the service providers and users of mobile devices. Protection against harmful content will be required on every terminal using an open operating system, but smartphone users should not be troubled with security any more than is absolutely necessary.

Operators, service providers and mobile device vendors are in the best position to provide antivirus services for mobile phone users. Mobile phone users themselves should be cautious about the threat and be careful not to install any unknown applications.

The Symbian Series 60 version of F-Secure Mobile Anti-Virus detects the Cabir worm and is able to delete the worm components.

F-Secure Mobile Anti-Virus is comprehensive solution for protecting mobile terminals against harmful content. It provides real-time on-device protection with automatic over-the-air antivirus updates through a patented SMS update mechanism or HTTPS connections.

More information and screen shots of the worm installation and disinfection are available at http://www.f-secure.com/v-descs/cabir.shtml and http://www.f-secure.com/weblog/.

About F-Secure

F-Secure Corporation protects individuals and businesses against computer viruses and other threats coming through the Internet or mobile networks. Our award-winning solutions include antivirus, desktop firewall with intrusion prevention and network encryption. Our key strength is the speed of response to new threats. For businesses our solutions feature centralized management. Founded in 1988, F-Secure has been listed on the Helsinki Exchanges since 1999. We have our headquarters in Helsinki, Finland, and offices in USA, France, Germany, Sweden, the United Kingdom and Japan. F-Secure is supported by a global ecosystem of value added resellers and distributors in over 50 countries. F-Secure protection is also available through major Internet Service Providers, such as Deutsche Telekom and France Telecom.