Why You Don't Have to Worry About Cabir
By Mark Frauenfelder, Thu Jun 17 02:45:00 EEST 2004

The first mobile phone virus can't hurt you unless you are very, very stupid.


As mobile phones become more powerful, they'll also become bigger targets for troublemakers. Mobiles are already getting hit with spam, and now it looks like they'll be infected with viruses, too.

A Moscow-based anti-virus company, Kaspersky Labs, reported a virus that lives in the Symbian operating system. Called "Cabir," the virus (more accurately called a "network worm") disguises itself as a security management utility. Once Cabir infects a phone, it attempts to transmit copies of itself to other phones via Bluetooth.

So far, the virus hasn't shown up in the real world. Even if Cabir does make it out of the hackers' labs and into the mobile networks, it won't be catastrophic. First of all, because it's transmitted via Bluetooth, a potential victim's phone will display multiple warnings when Cabir attempts to infect it. Only an extremely curious fool would ignore such warnings. Second, Cabir doesn't contain a malicious payload that damages files. Instead, it simply displays the word "Caribe" on the phone's screen. (Of course, Bluetooth viruses that follow Cabir probably won't be so friendly.)

A member of 29A Labs, a group of Eastern European hackers who write "proof-of-concept" viruses, wrote the virus. Cabir fits the "proof-of-concept" label quite nicely. It proves that the Symbian OS is vulnerable in theory, but a virus that can bypass Bluetooth's warning system is an entirely different matter.

It's possible to download several different viruses from 29A's website, but Cabir isn't available on the site. The front page of the site has a notice dated June 12, which reads: "+vallez, the new 29A member, coded the very first virus infector for mobiles!"

According to its stated mission, the members of 29A Labs "code viruses for the fun of it, because it's our hobby, not because we want to harm other people or to get ourselves into trouble." They also state, "In general we're against destructive payloads and the spreading of viruses but we do not forbid our members, or those who contribute to 29A magazine to include destructive payloads in their viruses nor do we forbid our members to spread viruses." They also claim that they will not be held responsible for the use or misuse of the viruses they write.

If, against all odds, your phone does get hit with Cabir, here are Symantec's removal instructions.