Worm ready to wriggle into smart phones

The first phone-infecting worm is just for show, but antivirus experts say there are more to come.

Robert Lemos
Robert Lemos Staff Writer, CNET News.com
Robert Lemos
covers viruses, worms and other security threats.
2 min read
Antivirus companies on Monday raced to decipher the workings of the first worm to target smart phones, while saying that the current incarnation of the program poses little threat.

The worm program, dubbed Cabir by Russian antivirus company Kaspersky, apparently uses the Bluetooth short-range wireless feature of smart phones that run the Symbian operating system to detect other Symbian phones, and then transfers itself to the new host as a package file. While able to replicate the spread of the virus in research settings, antivirus companies have not found any evidence that the program is infecting smart phones outside of those limited test cases.

Get Up to Speed on...
Enterprise security
Get the latest headlines and
company-specific news in our
expanded GUTS section.

"I don't think it will spread," said Vincent Gullotto, vice president of Network Associates' antivirus emergency response team. The group that is thought to have created the worm "likes to make concept viruses," he said, "so they probably just wanted to show that it could work."

Antivirus companies were apparently sent a copy of the worm from the group that created it. While the program does not do anything but spread, and has not yet been detected among the public's phones, Gullotto believes that other virus writers may use the worm as a departure point for their own development.

The Symbian software dominates the smart-phone market, which remains small, representing only a thin slice of the more than 1 billion cell phones in circulation. It's expected to battle a similar product from Microsoft for the lead in the operating system market through the end of the decade. Currently, Symbian's operating system is in a majority of smart phones--devices that combine the features of cell phone and a personal digital assistant.

Hackers and researchers have repeatedly warned about problems with the security of the Bluetooth wireless standard. This worm, however, mostly takes advantage of the amount of trust the Symbian operating system invests in other Symbian-based smart phones.

After infecting a phone, the program creates an application package file containing the worm and passes it to another phone over an automatically established Bluetooth connection, according to antivirus companies. The phone that received the program installs the application, thus infecting itself.

Nokia, which took the wraps off five new phones on Monday, is in the process of buying a controlling share of Symbian, the company that licenses the operating system of the same name. Only one of the new phones runs the Symbian operating system.

CNET News.com's Ben Charny contributed to this report.