Kaspersky Labs, a leading information security software developer, has
detected Cabir, the first network worm which propagates via mobile
networks. It infects telephones running Symbian OS. So far, Cabir does not
seem to have caused any security incidents.
It seems that the worm was created by a virus writer going under the name
of Vallez. This pseudonym is used by 29a, an international group of virus
writers. The group specialises in creating proof-of-concept viruses. Among
the group's creations are Cap, the first macro virus to cause a global
epidemic; Stream, the first virus for additional NTFS streams; Donut, the
first virus for .NET and Rugrat, the first Win64 virus.
Preliminary analysis of the malicious code shows that that Cabir is
transmitted as an SIS file (a Symbian distribution file), but the file is
disguised as Caribe Security Manager utility, part of the telephone
security software. If the infected file is launched, the telephone screen
will display the inscription "Caribe". The worm penetrates the system and
will then be activated each time the phone is started. Cabir scans for all
accessible phones using Bluetooth technology, and sends a copy of itself to
the first one found.
Analysis of the worm's code has not so far detected any malicious payload.
The worm is coded to run under Symbian OS, used in many Nokia telephones.
However, it is possible that Cabir will function on handsets produced by
other manufacturers.
Be careful!!!!!!
Carlos Heredia
Received on Wed Jun 16 11:10:28 2004