SymbOS.Cabir.H is a proof-of-concept worm that replicates on Series 60 phones. The worm is a minor variant of SymbOS.Cabir
The only differences are:
- The worm spreads as VELASCO.SIS.
- The worm creates the file MARCOS.MDL instead of FLO.MDL.
- The worm does not display a message after infection.
The worm repeatedly sends itself to the first Bluetooth-enabled device that it can find, regardless of the type of device. For example, even a Bluetooth-enabled printer will be attacked if it is within range.
The worm spreads as a .SIS file, which is installed into the APPS directory. There is no payload, apart from the vastly shortened battery life caused by the constant scanning for Bluetooth-enabled devices.
Virus definitions dated prior to January 6, 2005 detect this threat as SymbOS.Cabir
Symantec recommends the following to protect against this threat:
- If Bluetooth is not required, it should be turned off.
- If you require the use of Bluetooth, ensure that the device's visibility setting is set to "Hidden" so that it can not be scanned by other Bluetooth devices.
- Avoid use of device pairing. If it must be used, ensure that all paired devices are set to "Unauthorized". This requires each connection request to be authorized by the user.
- Do not accept unsigned applications (no digital signature) or applications sent from unknown sources. Be absolutely sure of the origin of the application before accepting it.
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.