December 28, 2004 3:36 PM PST
Cabir cell phone threat worsens
- Related Stories
Hybrid Trojan horse aims at Symbian phonesDecember 21, 2004
Skulls program carries Cabir worm into phonesNovember 29, 2004
Skulls program kills cell phone appsNovember 19, 2004
Trojan horse drives spam into cell phonesNovember 9, 2004
Mosquito software bites smart phonesAugust 12, 2004
TI teams to hang up cell phone crackersJune 29, 2004
Smart-phone worm has a hang-upJune 15, 2004
Worm ready to wriggle into smart phonesJune 14, 2004
Earlier versions of Cabir, which spreads through phones running the Symbian operating system and Bluetooth wireless technology, won attention this summer for being the first worms to spread via smart phones. But they were quickly determined to be relatively harmless, proof-of-concept programs.
"These new Cabir variants fix a flaw that was slowing down original Cabir's spreading speed," F-Secure warned in a release Tuesday. "Cabir originally would only spread to one new phone per reboot (while) Cabir.H and Cabir.I can spread to an unlimited number of phones per reboot."
The sheer quantity of variants being detected now and their closeness to the original indicate that Cabir's secret sauce is no longer much of a secret, F-Secure warned.
"These new variants seem to be recompiled versions based on original Cabir source code," F-Secure said. "Which means that the Cabir source code is floating around in the underground. Which is bad news. We didn't know the sources were out there, and we've never seen them."
F-Secure said the latest variants had not been detected in the wild, and that Symbian users can protect themselves by turning off the phone's "discoverable" mode. The malicious software affects only Symbian OS-based phones running Nokia's Series 60 user interface, according to Symbian.