- January 5, 2005
- February 13, 2007 12:31:40 PM
SymbOS.Cabir.P is a proof-of-concept worm that replicates on Series 60 phones. The worm is a minor variant of SymbOS.Cabir
The only differences are:
- The worm spreads as 22207-.SIS.
- The worm displays the following message after infection:
The worm repeatedly sends itself to the first Bluetooth-enabled device that it can find, regardless of the type of device. For example, even a Bluetooth-enabled printer will be attacked if it is within range.
The worm spreads as a .SIS file, which is installed into the APPS directory. There is no payload, apart from the vastly shortened battery life caused by the constant scanning for Bluetooth-enabled devices.
Symantec recommends the following to protect against this threat:
- If Bluetooth is not required, it should be turned off.
- If you require the use of Bluetooth, ensure that the device's visibility setting is set to "Hidden" so that it can not be scanned by other Bluetooth devices.
- Avoid use of device pairing. If it must be used, ensure that all paired devices are set to "Unauthorized". This requires each connection request to be authorized by the user.
- Do not accept unsigned applications (no digital signature) or applications sent from unknown sources. Be absolutely sure of the origin of the application before accepting it.
Antivirus Protection Dates
Initial Rapid Release version January 7, 2005
Latest Rapid Release version August 20, 2008 revision 017
Initial Daily Certified version January 7, 2005
Latest Daily Certified version August 20, 2008 revision 016
Initial Weekly Certified release date January 12, 2005
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.
Wild Level: Low
Number of Infections: 0 - 49
Number of Sites: 0 - 2
Geographical Distribution: Low
Threat Containment: Easy
Note: On May 14, 2015, modifications will be made to the threat write-ups to streamline the content. The Threat Assessment section will no longer be published as this section is no longer relevant to today's threat landscape. The Risk Level will continue to be the main threat risk assessment indicator.
Writeup By: Robert X Wang