1. /
  2. Security Response/
  3. SymbOS.Cabir.E

SymbOS.Cabir.E

Risk Level 1: Very Low

Discovered:
December 14, 2004
Updated:
February 13, 2007 12:31:32 PM
Type:
Worm
Systems Affected:
EPOC

SymbOS.Cabir.E is a proof-of-concept worm that replicates on Series 60 phones. The worm is a minor variant of SymbOS.Cabir.

The only differences are:
  • The worm spreads as [YUAN].SIS.
  • The worm displays the following message after infection:

    [YUAN]

The worm repeatedly sends itself to the first Bluetooth-enabled device that it can find, regardless of the type of device. For example, even a Bluetooth-enabled printer will be attacked if it is within range.

The worm spreads as a .SIS file, which is installed into the APPS directory. There is no payload, apart from the vastly shortened battery life caused by the constant scanning for Bluetooth-enabled devices.



Symantec recommends the following to protect against this threat:
  • If Bluetooth is not required, it should be turned off.
  • If you require the use of Bluetooth, ensure that the device's visibility setting is set to "Hidden" so that it can not be scanned by other Bluetooth devices.
  • Avoid use of device pairing. If it must be used, ensure that all paired devices are set to "Unauthorized". This requires each connection request to be authorized by the user.
  • Do not accept unsigned applications (no digital signature) or applications sent from unknown sources. Be absolutely sure of the origin of the application before accepting it.


Antivirus Protection Dates

  • Initial Rapid Release version January 6, 2005
  • Latest Rapid Release version August 20, 2008 revision 017
  • Initial Daily Certified version January 6, 2005
  • Latest Daily Certified version August 20, 2008 revision 016
  • Initial Weekly Certified release date January 12, 2005
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Low

Distribution

  • Distribution Level: Low
Writeup By: Robert X Wang

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver