Cabir cell phone threat worsens
With new, more powerful variants popping up, a security firm warns that cell phone worm's source code may be on the loose.
Earlier versions of Cabir, which spreads through phones running the Symbian operating system and Bluetooth wireless technology, won attention this summer for being the first worms to spread via smart phones. But they were quickly determined to be relatively harmless, proof-of-concept programs.
As it issued alerts for Cabir.H, Cabir.I, and Cabir.J, security firm F-Secure warned that the latest versions of Cabir are evolving beyond its comparatively benign predecessors.
"These new Cabir variants fix a flaw that was slowing down original Cabir's spreading speed," F-Secure warned in a release Tuesday. "Cabir originally would only spread to one new phone per reboot (while) Cabir.H and Cabir.I can spread to an unlimited number of phones per reboot."
The sheer quantity of variants being detected now and their closeness to the original indicate that Cabir's secret sauce is no longer much of a secret, F-Secure warned.
"These new variants seem to be recompiled versions based on original Cabir source code," F-Secure said. "Which means that the Cabir source code is floating around in the underground. Which is bad news. We didn't know the sources were out there, and we've never seen them."
F-Secure said the latest variants had not been detected in the wild, and that Symbian users can protect themselves by turning off the phone's "discoverable" mode. The malicious software affects only Symbian OS-based phones running Nokia's Series 60 user interface, according to Symbian.