cell phone virus



cooper
06-14-2004, 05:40 PM
This from a forwarded email:


Kaspersky Labs detects Cabir, the first network worm for mobile phones

Kaspersky Labs, a leading information security software developer, has detected Cabir, the first network worm which propagates via mobile networks. It infects telephones running Symbian OS. So far, Cabir does not seem to have caused any security incidents.

It seems that the worm was written by "Vallez". This pseudonym is used by 29a, an international group of virus writers. The group specializes in creating proof-of-concept viruses. Among the group's creations are Cap, the first macro virus to cause a global epidemic; Stream, the first virus for additional NTFS streams; Donut, the first virus for .NET and Rugrat, the first Win64 virus.

Preliminary analysis of the malicious code shows that Cabir is transmitted as an SIS file (Nokia Phone Game File), but the file is disguised to be a Caribe Security Manager utility, part of the telephone security software. If the infected file is launched, the telephone screen will display the inscription "Caribe". The worm penetrates the system and will then be activated each time the phone is started. Cabir scans for all accessible phones using Bluetooth technology, and sends a copy of itself to the first one found.

Analysis of the worm's code has not so far detected any malicious payload.

The worm is coded to run under Symbian OS, used in many Nokia telephones. However, it is possible that Cabir will function on handsets produced by other manufacturers.

The original source of the email can be found here (http://www.kaspersky.com/news?id=149499226).

So be careful when accepting messages! Even from your cell phone!

wenwilder
06-14-2004, 06:24 PM
Symbian OS is licensed to handset manufacturers that account for over 85% of worldwide mobile phone sales.

That's just text messages, I assume?

cooper
06-14-2004, 06:35 PM
Symbian OS is licensed to handset manufacturers that account for over 85% of worldwide mobile phone sales.

That's just text messages, I assume?

I read it more to include messages with attachments:

Preliminary analysis of the malicious code shows that Cabir is transmitted as an SIS file (Nokia Phone Game File), but the file is disguised to be a Caribe Security Manager utility, part of the telephone security software. If the infected file is launched, the telephone screen will display the inscription "Caribe".

wenwilder
06-14-2004, 06:51 PM
I thought SIS files were just for EPOC operating systems? That's what confused me. I'm still thinking PDAs.

Okay, you are right, I'll be quiet now ;)

cooper
06-14-2004, 07:15 PM
I thought SIS files were just for EPOC operating systems? That's what confused me. I'm still thinking PDAs.

Okay, you are right, I'll be quiet now ;)

No need, it's good to make that distinction.


I think it is interesting how the lines between laptop, PDA, cell phone, digital camera, etc. are being blurred. I think in the near future we may get (if we don't already now) phone calls from our TiVos letting us know that someone is trying to break into our digital home using some weak virus.

colr
06-15-2004, 05:43 AM
It's a scary thought.

I had been pondering to myself a few weeks back whether we would ever be seeing mobile phone viruses. Given most of them have full-blown applications running on them like JVMs, I thought it must be plausible.

If you can fit a JVM onto a mobile phone, you can do pretty much anything a desktop computer can do (with some obvious limitations). Coupled with the fact that these devices are intended for networked applications, it's a recipe for disaster. The virus wouldn't even really need to propagate through the phones themselves; given the number of servers and computer systems involved in simple phone communication (GSM, GPRS, SMTP...), propagation should theoretically be easier than on a desktop.

It also makes you think more about the future. We've all heard the stories about 'networked homes' where the washing machine, fridge freezer and the like are all networked. How crappy would it be to come back from work to discover your freezer has been infected by the new 'defrost' virus? Or your clothes all wrecked by the 'excessive temperature wash' virus!

I do find it strange that there don't seem to be any countermeasures in place for this kind of thing (if I'm wrong, somebody please let me know). You would think that after all the virus trouble PCs have had, this kind of thing would have been well expected and countermeasures in place.

C.

cooper
06-15-2004, 11:40 AM
If you can fit a JVM onto a mobile phone, you can do pretty much anything a desktop computer can do (with some obvious limitations). Coupled with the fact that these devices are intended for networked applications, it's a recipe for disaster. The virus wouldn't even really need to propagate through the phones themselves; given the number of servers and computer systems involved in simple phone communication (GSM, GPRS, SMTP...), propagation should theoretically be easier than on a desktop.

Unless the cell phone companies and service providers do something proactive about virus protection (perhaps a collaboration with Symantec or the like), I estimate we will see some lawsuits where customers claim a virus ran up a phone bill of $5k or more. Watch for this type of activity in the news, it seems very likely to me. Of course, I am not a network guru by any means. But it seems like the potential for this to become a huge problem is there.

Anyone have any reasons why it wouldn't be a huge problem?

wenwilder
06-15-2004, 12:16 PM
The Cabir (alias: epoc.cabir) has to be manually distributed - so, for the moment it isn't much of a threat. But it won't be long before people are crying "the virus did it!" and trying to get away with huge call bills.

Some of the affected mobile phones are:

Nokia 7650
Nokia 7610
Nokia 6620
Nokia 6600
Nokia 3650, 3600
Nokia 3660, 3620
Nokia N-Gage
Panasonic X700
Siemens SX1
Sendo X

It's just going to be another reason to keep lawyers in business. There will be perversions of this one and then new ones will start popping up as the virus is examined by other virus writers. I'm really surprised that there weren't more problems with PDAs.

cooper
06-15-2004, 12:26 PM
Some of the affected mobile phones are:
...
Nokia 6600
...


Doh! I just got a 6600! Oh well, I don't expect to get any real messages with attachments anyway so I won't be opening any that come to me.

This phone is so new to T-Mobile (my provider), they don't even have the tech support finished on their web site.

I suppose that's what I get for living on the edge of technology. Viva Bluetooth!