1. /
  2. Security Response/
  3. SymbOS.Cabir.K


Risk Level 1: Very Low

December 30, 2004
February 13, 2007 12:31:38 PM
Systems Affected:

SymbOS.Cabir.K is a proof-of-concept worm that replicates on Series 60 phones. The worm is a minor variant of SymbOS.Cabir.H.

The worm repeatedly sends itself to the first Bluetooth-enabled device that it can find, regardless of the type of device. For example, even a Bluetooth-enabled printer will be attacked if it is within range.

The worm spreads as a .SIS file, which is installed into the APPS directory. There is no payload, apart from the vastly shortened battery life caused by the constant scanning for Bluetooth-enabled devices.

Note: Virus definitions dated prior to January 7, 2005 detect this threat as SymbOS.Cabir.

Symantec recommends the following to protect against this threat:
  • If Bluetooth is not required, it should be turned off.
  • If you require the use of Bluetooth, ensure that the device's visibility setting is set to "Hidden" so that it can not be scanned by other Bluetooth devices.
  • Avoid use of device pairing. If it must be used, ensure that all paired devices are set to "Unauthorized". This requires each connection request to be authorized by the user.
  • Do not accept unsigned applications (no digital signature) or applications sent from unknown sources. Be absolutely sure of the origin of the application before accepting it.

Antivirus Protection Dates

  • Initial Rapid Release version January 7, 2005
  • Latest Rapid Release version March 3, 2008 revision 035
  • Initial Daily Certified version January 7, 2005
  • Latest Daily Certified version March 3, 2008 revision 037
  • Initial Weekly Certified release date January 12, 2005
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Robert X Wang

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report