Cabir (computer worm)

Last updated
Caribe
Technical nameCabir
Nokia 3650 Front and Back.jpg
A Nokia 3650, one of the devices affected by Cabir
AliasSybmOS/Cabir
Symbian/Cabir
EPOC.cabir
Mabir
TypeWorm
Technical details
Platform Symbian

Cabir (also known as Caribe, SybmOS/Cabir, Symbian/Cabir and EPOC.cabir) is the name of a computer worm developed in 2004 [1] that is designed to infect mobile phones running Symbian OS. It is believed to be the first computer worm that can infect mobile phones. [2] When a phone is infected with Cabir, the message "Caribe" is displayed on the phone's display, and is displayed every time the phone is turned on. The worm then attempts to spread to other phones in the area using wireless Bluetooth signals.

The worm was not sent out into the wild, but sent directly to anti-virus firms, who believe Cabir in its current state is harmless. However, it does prove that mobile phones are also at risk from virus writers. Experts believe that the worm was developed by a group who call themselves 29A, a group of international hackers, as a "proof of concept" worm in order to catch world attention. Several firms subsequently released tools to remove the worm, the first of which was the Australian business TSG Pacific. [3]

The worm can attack and replicate on Bluetooth enabled Series 60 phones. The worm tries to send itself to all Bluetooth enabled devices that support the "Object Push Profile", which can also be non-Symbian phones, desktop computers or even printers. The worm spreads as a .sis file installed in the Apps directory. Cabir does not spread if the user does not accept the file-transfer or does not agree with the installation, though some older phones would keep on displaying popups, as Cabir re-sent itself, rendering the UI useless until yes is clicked. Cabir is the first mobile malware ever discovered. [4]

While the worm is considered harmless because it replicates but does not perform any other activity, it will result in shortened battery life on portable devices due to constant scanning for other Bluetooth enabled devices.

Cabir was named by the employees of Kaspersky Lab after their colleague Elena Kabirova. [5]

Mabir, a variant of Cabir, is capable of spreading not only via Bluetooth but also via MMS. By sending out copies of itself as a .sis file over cellular networks, it can affect even users who are outside the 10m range of Bluetooth.

See also

Related Research Articles

<span class="mw-page-title-main">Bluetooth</span> A short-range wireless technology standard

Bluetooth is a short-range wireless technology standard that is used for exchanging data between fixed and mobile devices over short distances and building personal area networks (PANs). In the most widely used mode, transmission power is limited to 2.5 milliwatts, giving it a very short range of up to 10 metres (33 ft). It employs UHF radio waves in the ISM bands, from 2.402 GHz to 2.48 GHz. It is mainly used as an alternative to wired connections to exchange files between nearby portable devices and connect cell phones and music players with wireless headphones.

<span class="mw-page-title-main">Computer worm</span> Self-replicating malware program

A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. It often uses a computer network to spread itself, relying on security failures on the target computer to access it. It will use this machine as a host to scan and infect other computers. When these new worm-invaded computers are controlled, the worm will continue to scan and infect other computers using these computers as hosts, and this behaviour will continue. Computer worms use recursive methods to copy themselves without host programs and distribute themselves based on exploiting the advantages of exponential growth, thus controlling and infecting more and more computers in a short time. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.

Malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy. Researchers tend to classify malware into one or more sub-types.

In computing terminology, a macro virus is a virus that is written in a macro language: a programming language which is embedded inside a software application. Some applications, such as Microsoft Office, Excel, PowerPoint allow macro programs to be embedded in documents such that the macros are run automatically when the document is opened, and this provides a distinct mechanism by which malicious computer instructions can spread. This is one reason it can be dangerous to open unexpected attachments in e-mails. Many antivirus programs can detect macro viruses; however, the macro virus' behavior can still be difficult to detect.

<span class="mw-page-title-main">Smartphone</span> Handheld mobile device

A smartphone, often simply called a phone, is a mobile device that combines the functionality of a traditional mobile phone with advanced computing capabilities. It typically has a touchscreen interface, allowing users to access a wide range of applications and services, such as web browsing, email, and social media, as well as multimedia playback and streaming. Smartphones have built-in cameras, GPS navigation, and support for various communication methods, including voice calls, text messaging, and internet-based messaging apps.

<span class="mw-page-title-main">Timeline of computer viruses and worms</span> Computer malware timeline

This timeline of computer viruses and worms presents a chronological timeline of noteworthy computer viruses, computer worms, Trojan horses, similar malware, related research and events.

<span class="mw-page-title-main">Zombie (computing)</span> Compromised computer used for malicious tasks on a network

In computing, a zombie is a computer connected to the Internet that has been compromised by a hacker via a computer virus, computer worm, or trojan horse program and can be used to perform malicious tasks under the remote direction of the hacker. Zombie computers often coordinate together in a botnet controlled by the hacker, and are used for activities such as spreading e-mail spam and launching distributed denial-of-service attacks against web servers. Most victims are unaware that their computers have become zombies. The concept is similar to the zombie of Haitian Voodoo folklore, which refers to a corpse resurrected by a sorcerer via magic and enslaved to the sorcerer's commands, having no free will of its own. A coordinated DDoS attack by multiple botnet machines also resembles a "zombie horde attack", as depicted in fictional zombie films.

<span class="mw-page-title-main">Bluejacking</span> Sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices

Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers, sending a vCard which typically contains a message in the name field to another Bluetooth-enabled device via the OBEX protocol.

<span class="mw-page-title-main">ILOVEYOU</span> Computer worm

ILOVEYOU, sometimes referred to as the Love Bug or Loveletter, was a computer worm that infected over ten million Windows personal computers on and after 5 May 2000. It started spreading as an email message with the subject line "ILOVEYOU" and the attachment "LOVE-LETTER-FOR-YOU.TXT.vbs". At the time, Windows computers often hid the latter file extension by default because it is an extension for a file type that Windows knows, leading unwitting users to think it was a normal text file. Opening the attachment activates the Visual Basic script. First, the worm inflicts damage on the local machine, overwriting random files, then, it copies itself to all addresses in the Windows Address Book used by Microsoft Outlook, allowing it to spread much faster than any other previous email worm.

<span class="mw-page-title-main">Mobile phone feature</span> Mobile phone capability or application

A mobile phone feature is a capability, service, or application that a mobile phone offers to its users. Mobile phones are often referred to as feature phones, and offer basic telephony. Handsets with more advanced computing ability through the use of native code try to differentiate their own products by implementing additional functions to make them more attractive to consumers. This has led to great innovation in mobile phone development over the past 20 years.

Mobile malware is malicious software that targets mobile phones or wireless-enabled Personal digital assistants (PDA), by causing the collapse of the system and loss or leakage of confidential information. As wireless phones and PDA networks have become more and more common and have grown in complexity, it has become increasingly difficult to ensure their safety and security against electronic attacks in the form of viruses or other malware.

<span class="mw-page-title-main">Nokia N80</span> 3G slider mobile phone released by Nokia in 2005

The Nokia N80 is a 3G mobile phone from Nokia announced on November 2, 2005, part of the multimedia Nseries line. It runs on Symbian OS v9.1 and the S60 3rd Edition interface. It was first released in June 2006.

The Oompa-Loompa malware, also called OSX/Oomp-A or Leap.A, is an application-infecting, LAN-spreading worm for Mac OS X, discovered by the Apple security firm Intego on February 14, 2006. Leap cannot spread over the Internet, and can only spread over a local area network reachable using the Bonjour protocol. On most networks this limits it to a single IP subnet.

Man-in-the-browser, a form of Internet threat related to man-in-the-middle (MITM), is a proxy Trojan horse that infects a web browser by taking advantage of vulnerabilities in browser security to modify web pages, modify transaction content or insert additional transactions, all in a covert fashion invisible to both the user and host web application. A MitB attack will be successful irrespective of whether security mechanisms such as SSL/PKI and/or two- or three-factor authentication solutions are in place. A MitB attack may be countered by using out-of-band transaction verification, although SMS verification can be defeated by man-in-the-mobile (MitMo) malware infection on the mobile phone. Trojans may be detected and removed by antivirus software, but a 2011 report concluded that additional measures on top of antivirus software were needed.

<span class="mw-page-title-main">Computer virus</span> Computer program that modifies other programs to replicate itself and spread

A computer virus is a type of malware that, when executed, replicates itself by modifying other computer programs and inserting its own code into those programs. If this replication succeeds, the affected areas are then said to be "infected" with a computer virus, a metaphor derived from biological viruses.

<span class="mw-page-title-main">Symbian</span> Discontinued mobile operating system

Symbian was a mobile operating system (OS) and computing platform designed for smartphones. It was originally developed as a proprietary software OS for personal digital assistants in 1998 by the Symbian Ltd. consortium. Symbian OS is a descendant of Psion's EPOC, and was released exclusively on ARM processors, although an unreleased x86 port existed. Symbian was used by many major mobile phone brands, like Samsung, Motorola, Sony Ericsson, and above all by Nokia. It was also prevalent in Japan by brands including Fujitsu, Sharp and Mitsubishi. As a pioneer that established the smartphone industry, it was the most popular smartphone OS on a worldwide average until the end of 2010, at a time when smartphones were in limited use, when it was overtaken by iOS and Android. It was notably less popular in North America.

Mobile security, or mobile device security, is the protection of smartphones, tablets, and laptops from threats associated with wireless computing. It has become increasingly important in mobile computing. The security of personal and business information now stored on smartphones is of particular concern.

Commwarrior is a Symbian Bluetooth worm that was the first to spread via Multimedia Messaging Service (MMS) and Bluetooth. The worm affects only the Nokia Series 60 software platform.

Ikee was a worm that spread by Secure Shell connections between jailbroken iPhones. It was discovered in 2009 and changed wallpapers to a photo of Rick Astley. The code from Ikee was later used to make a more malicious iPhone malware, called Duh.

HummingBad is Android malware, discovered by Check Point in February 2016.

References

  1. Hypponen, M. (2006), "Malware Goes Mobile, Scientific American, November 2006", Scientific American, 295 (5): 70–77, doi:10.1038/scientificamerican1106-70, PMID   17076086
  2. Cabir: the first virus for smartphones is now 10 years old, 13 August 2014, archived from the original on 2021-12-22, retrieved 2019-09-26
  3. "Cure for phone virus". 21 June 2004.
  4. Securelist
  5. 10 years since the first smartphone malware – to the day