Mobile Phone Worm Inches Its Way to US

The mobile phone worm Cabir has popped up in a Santa Monica, California, store window, its first known appearance in the U.S.

The news was greeted with a shrug by one analyst. “This worm’s appearance in the wild is no surprise,” Pete Lindstrom, research director at Spire Security, told TechNewsWorld. “After all, it was prophesied by the sacred texts of trade publications and antivirus vendors, and thus it happened. And it will happen again.”

Eating Battery Power

The virus, which announces itself on mobile phones with the word “Caribe,”was first discovered by an employee of security software provider Symantec. Cabir first appeared eight months ago in the Philippines and has since spread to 12 countries.

Themalware sucks up battery power and blocks Bluetooth connections. It wasoriginally written as a proof-of-concept worm and sent only to securityfirms as a warning.

Cabir searches for the Bluetooth opening and sends a SymbianInstallation System to those phones. As with infected e-mail attachments,nothing will happen without user interaction. With Cabir, a user must acceptthe transmission and manually install it.

Only phones running Symbian OS with Series 60 software thathave the Bluetooth wireless feature set to “discovery” mode are vulnerable toinfection. The infected phones in SantaMonica were Nokia 6600 models.

Slow Spread

Because mobile phones use so many different operating systems, Cabir is unlikely tocause much damage.

“Unlike personal computers and the Internet, mobile phones and mobile phonenetworks are not generally open systems permitting unknown parties tointroduce software,” Ira Brodsky, president of Datacomm Research, toldTechNewsWorld.

Ed Moyle of Security Curve concurred.

“I think the fact that it took eight months to get to the U.S. is asignificant indicator of the infection rate that we’re likely to see nowthat it’s here,” he told TechNewsWorld.

“In the PC world, forexample, some of the malware we’re seeing can infect most or all of thevulnerable hosts in a matter of hours or minutes,” Moyle said. “In the phone world, itcould take years to get to the same relative level of infection.”

Narrow Focus

The overall problem of mobile device malware, however, is likely to get worse asvirus writers find more sophisticated ways to spread the viruses and mobileoperating systems become more standardized.

Earlier this month, IBM releasedits annual Global Business Security Index Report and named malware and spamattacks on mobile devices as a growing threat.

“Yes it is likely to get worse. People must care a lot more and be willingto pay for security. Or not, and learn to live with this type of thing,”Lindstrom said.