Technorati
Digg
Delicious
Reddit
StumbleUpon
Facebook
Yahoo
Twitter
Faves
Newsvine
- Discovered:
- December 30, 2004
- Updated:
- February 13, 2007 12:31:33 PM
- Type:
- Worm
- Systems Affected:
- EPOC
SymbOS.Cabir.F is a proof-of-concept worm that replicates on Series 60 phones. The worm is a minor variant of SymbOS.Cabir.
The only differences are:
- The worm spreads as skulls.SIS.
- The worm creates MOD.MDL instead of FLO.MDL.
- The worm displays the following message after infection:
skulls
The worm repeatedly sends itself to the first Bluetooth-enabled device that it can find, regardless of the type of device. For example, even a Bluetooth-enabled printer will be attacked if it is within range.
The worm spreads as a .SIS file, which is installed into the APPS directory. There is no payload, apart from the vastly shortened battery life caused by the constant scanning for Bluetooth-enabled devices.
Symantec recommends the following to protect against this threat:
- If Bluetooth is not required, it should be turned off.
- If you require the use of Bluetooth, ensure that the device's visibility setting is set to "Hidden" so that it can not be scanned by other Bluetooth devices.
- Avoid use of device pairing. If it must be used, ensure that all paired devices are set to "Unauthorized". This requires each connection request to be authorized by the user.
- Do not accept unsigned applications (no digital signature) or applications sent from unknown sources. Be absolutely sure of the origin of the application before accepting it.
Antivirus Protection Dates
- Initial Rapid Release version January 6, 2005
- Latest Rapid Release version August 20, 2008 revision 017
- Initial Daily Certified version January 6, 2005
- Latest Daily Certified version August 20, 2008 revision 016
- Initial Weekly Certified release date January 12, 2005
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Threat Assessment
Wild
- Wild Level: Low
- Number of Infections: 0 - 49
- Number of Sites: 0 - 2
- Geographical Distribution: Low
- Threat Containment: Easy
- Removal: Easy
Damage
- Damage Level: Low
Distribution
- Distribution Level: Low
Writeup By: Robert X Wang
