First mobile phone virus discovered

News Interactive ^ | June 16, 2004

[FourPeas]

THE first ever computer virus that can infect mobile phones has been discovered, anti-virus software developers said today, adding that up until now it has had no harmful effect.

The French unit of the Russian security software developer Kaspersky Labs said that that virus - called Cabir - appears to have been developed by an international group specialising in creating viruses which try to show "that no technology is reliable and safe from their attacks".

Cabir infects the Symbian operating system that is used in several makes of mobiles, notably the Nokia brand, and propagates through the new bluetooth wireless technology that is in several new mobile phones.

If the virus succeeds in penetrating the phone, it writes the inscription 'Caribe' on the screen and is then activated every time that the phone is turned on.

It is able to scan for phones that are also using the Bluetooth technology and is able to send a copy of itself to the first handset that it finds.

According to the anti-virus software developer F-Secure, the discovery of Cabir is proof that the technologies are now available to create viruses for mobile phones and that they are now known to the writers of computer viruses.

Anti-virus experts have been warning for months that mobile phone viruses are set to multipy, given the increasingly diverse uses of mobile phones.

[FourPeas]

Fascinating. I suppose we shouldn't be too surprised, eh?

[steplock]

actually I believe the first cellular phone virus came out about --- 5 years ago or so? If I remember correctly.

[kjam22]

I think our world is to complicated.... One thing is for sure.... the disparity in knowledge is incredible. From people who struggle to program phone numbers into their cell phone, to people writting viruses to hijack them.

[tophat9000]

Gee now even phone sex is unsafe

[Rebelbase]

LOL!

[MHGinTN]

Unless a person needs a cell phone for business, or parents want their kids to have backup help in an emergency, the vast phone craze is a sign of loneliness and/or fear of being alone with one's self. Why else would so many dolts dial their cell phone as soon as they get in their car by themselves to drive somewhere?

[kjam22]

I agree with you for the most part. Like right now... my wife is traveling on a 3 hour trip to pick up her mother... then bring her 3 hours back to our house. I'm glad she has a cell phone with her just in case something happens.

But your observation is pretty accurate in lots of cases.

[martin_fierro]

"Get a Mac" ... er, waitaminnit.

[COBOL2Java]

[JimRed]

Ordinarily I object to torture. But I am willing to make an exception for virus writers.

[stuartcr]

Incredibly effective marketing.

[JimRed]

Why else would so many dolts dial their cell phone as soon as they get in their car by themselves to drive somewhere?

For the same reason others light up as soon as they get in the car: habit.

[traumer]

Can you hear me now... ?

[Bloody Sam Roberts]

"...an international group specialising in creating viruses which try to show "that no technology is reliable and safe from their attacks".

"NOBODY expects the Spanish Inquisition! Our chief weapon is surprise...surprise and fear...fear and surprise.... Our two weapons are fear and surprise...and ruthless efficiency.... Our *three* weapons are fear, surprise, and ruthless efficiency...and an almost fanatical devotion to the Pope.... Our *four*...no... *Amongst* our weapons.... Amongst our weaponry...are such elements as fear, surprise.... I'll come in again."

[gargoyle]

...Yea. Next question, why? For profit, or a joke, too much idle time???

[goodnesswins]

I'm with YOU....I've always found it curious that people are so obsessed with a telephone....it's like the teeny boppers who have to call their "friends" all the time just for something to do...I have more important things to do in life than jabber on a phone....but, then I hate land-line phones, too! LOL.

[adam_az]

Paging the InfoSec pinglist... Let me know if you want to be 1 or 0. (That's ON or OFF, for those who are not binary-compliant)

Very interesting!

Following info from http://securityresponse.symantec.com/avcenter/venc/data/epoc.cabir.html

EPOC.Cabir is a proof-of-concept worm that replicates on Nokia Series 60 phones. This worm repeatedly sends itself to the first Bluetooth-enabled device that it can find, regardless of the type of device. For example, even a Bluetooth-enabled printer will be attacked if it is within range.

The worm spreads as a .SIS file, which is automatically installed into the APPS directory when the receiver accepts the transmission.

When EPOC.Cabir is executed, it:

* Displays a message (see the "Technical Details" section), then copies itself to a directory on the phone. (This directory is not visible, by default.)

* Runs from this directory when the phone is restarted, so that it continues to work even if the files are deleted from the APPS directory.



Once the worm is running, it will constantly search for Bluetooth-enabled devices, and send itself to the first device that it finds.

There is no payload, apart from the vastly shortened battery life caused by the constant scanning for Bluetooth-enabled devices.

Also Known As: Worm.Symbian.Cabir.a [Kaspersky], Cabir [F-Secure]

Type: Worm
Infection Length: 15104 (caribe.sis), 11944 (caribe.app), 11498 (flo.mdl), 44 (caribe.rsc)

Systems Affected: EPOC
Systems Not Affected: DOS, Linux, Macintosh, Novell Netware, OS/2, UNIX, Windows 2000, Windows 3.x, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Wild:

* Number of infections: 0 - 49
* Number of sites: 0 - 2
* Geographical distribution: Low
* Threat containment: Easy
* Removal: Moderate


Technical Details


When EPOC.Cabir is executed, it does the following actions:
1. Displays a message as shown in this picture:


2. Creates the following files on the phone:
* \SYSTEM\APPS\CARIBE\CARIBE.APP
* \SYSTEM\APPS\CARIBE\CARIBE.RSC
* \SYSTEM\APPS\CARIBE\FLO.MDL
* \SYSTEM\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\CARIBE.APP

* \SYSTEM\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\CARIBE.RSC

* \SYSTEM\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\CARIBE.SIS

* \SYSTEM\RECOGS\FLO.MDL

* \SYSTEM\INSTALLS\CARIBE.SIS

3. Attempts to send itself to the first Bluetooth-enabled device that it finds, regardless of the type of device.

4. Executes every time the device is turned off and on.

Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":



To remove EPOC.Cabir:


1. Install a file manager program on the phone.
2. Enable the option to view the files in the system directory.
3. Search the drives, A through Y, for the \SYSTEM\APPS\CARIBE directory. 4. Delete the files CARIBE.APP, CARIBE.RSC, and FLO.MDL from the \CARIB directory.
5. Go to the C:\SYSTEM\SYMBIANSECUREDATA\CARIBESECURITYMANAGER directory.
6. Delete the files CARIBE.APP, CARIBE.RSC, and CARIBE.SIS.
7. Go to the C:\SYSTEM\RECOGS directory.
8. Delete the file, FLO.MDL.
9. Go to the C:\SYSTEM\INSTALLS directory.
10. Delete the file, CARIBE.SIS.

Note: You cannot delete the file CARIBE.RSC when the program is running.

If you cannot delete this file in steps 4 and 6, delete all the files that you can, restart the phone, and then delete the CARIBE.RSC file

[adam_az]

I'm frequently not home and nearly always on call, so I replaced my landline with a cellphone.

[af_vet_rr]

I think our world is to complicated....

Just wait, it'll get worse. Our ships, planes, and not too far off, cars, are being run by more and more complex computer systems. I don't foresee a blue-screen causing somebody to crash on a highway, or anything, but still...

What worries me, is that more and more stuff is being consolidated. Example - telephone system is slowly moving over to the internet, through Voice-Over-IP. We already have enough problems as it is, in regards to computer security, viruses, etc. You have a problem somewhere, not only do you lose internet access, or your cable TV, but you could end up losing more.

[ravingnutter]

I agree...I drive 104 miles round trip to work every day, as I live in the country, and never wanted a cell phone. Heck there are pay phones within walking distance all over. Problem is, we have a metro number, but the newer pay phones keep "insisting" it is long distance (and the sign says call anywhere in the US for .25/min...yeah right, more like $1.10/min). So...recently my Brother-in-law died and he had one of those prepaid ones that charges .25 for the first 10 minutes and .10 for every minute thereafter, so hubby talked me into activating it in my name.

I could have wrung his neck last night! He was in the front yard talking to a friend and used our cordless home phone to call me on my cell phone in the house to ask me to bring him a beer. I was livid, especially since I was cooking dinner at the time and dealing with hot grease and our place is under construction right now, so there were alot of hurdles to go through to get to where he was. I just shut off dinner and grabbed a couple of beers and went out and sat down with them. When he asked about dinner a little later, I told him I had shut it off so I could party too...he had dinner about 9:00 PM...I don't think he'll be doing that again, LOL!