1. /
  2. Security Response/
  3. SymbOS.Cabir.C


Risk Level 1: Very Low

December 14, 2004
February 13, 2007 12:31:32 PM
Systems Affected:

SymbOS.Cabir.C is a proof-of-concept worm that replicates on Series 60 phones. The worm is a minor variant of SymbOS.Cabir.

The only differences are:
  • The worm spreads as ni&ai-.SIS.
  • The worm displays the following message after infection:


The worm repeatedly sends itself to the first Bluetooth-enabled device that it can find, regardless of the type of device. For example, even a Bluetooth-enabled printer will be attacked if it is within range.

The worm spreads as a .SIS file, which is installed into the APPS directory. There is no payload, apart from the vastly shortened battery life caused by the constant scanning for Bluetooth-enabled devices.

Symantec recommends the following to protect against this threat:
  • If Bluetooth is not required, it should be turned off.
  • If you require the use of Bluetooth, ensure that the device's visibility setting is set to "Hidden" so that it can not be scanned by other Bluetooth devices.
  • Avoid use of device pairing. If it must be used, ensure that all paired devices are set to "Unauthorized". This requires each connection request to be authorized by the user.
  • Do not accept unsigned applications (no digital signature) or applications sent from unknown sources. Be absolutely sure of the origin of the application before accepting it.

Antivirus Protection Dates

  • Initial Rapid Release version January 6, 2005
  • Latest Rapid Release version August 20, 2008 revision 017
  • Initial Daily Certified version January 6, 2005
  • Latest Daily Certified version August 20, 2008 revision 016
  • Initial Weekly Certified release date January 12, 2005
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Robert X Wang

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report