Details emerge of first mobile phone worm
- 18 June, 2004 09:19
More details are emerging about what may be the first mobile phone worm.
Kaspersky Labs, a Moscow antivirus vendor, reported the find on Monday, and short news reports began appearing thereafter. Now, Network Associates' McAfee division has posted a profile of the worm, dubbed Cabir (although the screen display is "Caribe").
McAfee's profile rates the worm as a low risk for both home and corporate users.
The worm was written for mobile phones running the Symbian operating system, and uses a Bluetooth wireless connection to access a device. Specifically the worm could run on any Series 60 phone (from Siemens, Nokia and others that have Symbian OS 6.1 or higher). McAfee has confirmed propagation on the Nokia 6600 and 3650 devices.
The F-Secure Weblog confirms that the worm seems to infect any Series 60 phones regardless of manufacturer.
There is no malicious payload, though the worm copies three files into a hidden directory. It displays "Caribe" or "Caribe-VZ-29A" on the screen, the latter a reference to a virus writer using the name Vallez, a member of the 29a group of virus writers. According to the Kaspersky Labs site, the group is responsible for the Cap, Stream, Donut, and Rugrat viruses. Each is a first of its kind: Donut was the first virus for .Net, Rugrat the first Win64 virus.
However, Cabir was not completely harmless: it seeks to transmit itself to any other Bluetooth-equipped Symbian device within range, and the "worm activity seriously reduces battery life", McAfee said.
The company rates the risk low because Bluetooth has to be deliberately activated by a mobile phone user, and accepting the Caribe package requires pressing a button before the files can be loaded into the receiving phone.