
SymbOS.Cabir.D

Risk Level 1: Very Low

Discovered: December 14, 2004
Updated: February 13, 2007 12:31:32 PM
Type: Worm
Systems Affected: EPOC


SymbOS.Cabir.D is a proof-of-concept worm that replicates on Series 60 phones. The worm is a minor variant of SymbOS.Cabir.

The only differences are:
  • The worm spreads as MYTITI.SIS.
  • The worm displays the following message after infection:

    MYTITI

The worm repeatedly sends itself to the first Bluetooth-enabled device that it can find, regardless of the type of device. For example, even a Bluetooth-enabled printer will be attacked if it is within range.

The worm spreads as a .SIS file, which is installed into the APPS directory. There is no payload, apart from the vastly shortened battery life caused by the constant scanning for Bluetooth-enabled devices.



Symantec recommends the following to protect against this threat:
  • If Bluetooth is not required, it should be turned off.
  • If you require the use of Bluetooth, ensure that the device's visibility setting is set to "Hidden" so that it cannot be scanned by other Bluetooth devices.
  • Avoid use of device pairing. If it must be used, ensure that all paired devices are set to "Unauthorized". This requires each connection request to be authorized by the user.
  • Do not accept unsigned applications (no digital signature) or applications sent from unknown sources. Be absolutely sure of the origin of the application before accepting it.


Antivirus Protection Dates

  • Initial Rapid Release version January 6, 2005
  • Latest Rapid Release version August 20, 2008 revision 017
  • Initial Daily Certified version January 6, 2005
  • Latest Daily Certified version August 20, 2008 revision 016
  • Initial Weekly Certified release date January 12, 2005

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Low

Distribution

  • Distribution Level: Low
Note: On May 14, 2015, modifications will be made to the threat write-ups to streamline the content. The Threat Assessment section will no longer be published as this section is no longer relevant to today's threat landscape. The Risk Level will continue to be the main threat risk assessment indicator.
Writeup By: Robert X Wang
