Worm Developed for Nokia Series-60 Phones

Tuxedo Jack writes "It had to happen. The first worm designed specifically for cellular phones has been developed, and Cabir appears to be a way of effectively killing Nokia Series-60 cellular phones via shortening the battery life due to scanning for nearby Bluetooth devices and propagating itself. This still relies on a user to open it, so hopefully that won't be many, and those that do must use a file manager to find and kill the worm. At least it isn't a dialer!"

K.I.S.S. - simplicity is key

[ack154]

I'd just like to say that this is why it's still nice to have a phone with relatively limited features - well, that and it's a Motorola (T720). I don't have to worry about the Bluetooth stuff, and I don't even have web access activated on it.

Also, according to the SARC article linked - this worm will attack any bluetooth device that it finds in it's range - not just phones - SARC uses a printer as an example, but what about those nice bluetooth mice/keyboards and PDAs, etc?

They have an image of the phone with the message displayed on it too.

Re:K.I.S.S. - simplicity is key

[boskone]

umm, the t720 is a hugely complicated phone. It can browse the web, display pictures, play games. I would not classify it as "basic" even though newer phones do more.

as an aside, does yours ever lock up so hard that you have to pop the battery out to reset it?

Re:Semantics

[shird]

No.. that would make it a trojan.

The definition of a worm isn't to do with whether or not it needs a user to run it - its just about whether it propgates via a network by itself rather than having users do the spreading.

A virus hides itself in other executables and runs itself via proxy with the user not realising it. But it gernerally requires the user to do the distribution (generally without realising it).

A trojan is simply a program which is malicous but pretends to be something else. If it happens to spread itself when run that doesn't make it a worm or a virus, but just a self spreading trojan. It would be closer to a trojan-slash-worm than a virus.

Re:Semantics

[Tranzig]

Actually the difference between viruses and worms is that worms are standalone programs while viruses need to infect other executables to be effective.

what does it prove?

[randomized]

Really, this does not prove anything. It doesn't exploit any weakness in the system and very easy to avoid.

I am not sure how many of people who have posted before actually OWN series 60 device, but let me assure you that it's not as simple as accepting somebody's bluetooth transfer.

First of all, you must have bluetooth always on and your device available to all, which is really bad idea considering that it eats your battery much faster. Battery life of the series 60 devices is pretty small as is. Having bluetooth on is sure way to kill it further.

Second, you will have to go through few steps of actually INSTALLING unsigned application. This is VERY intrusive.

Third, this thing does not auto startup. So, when your device is drained off battery, it won't run by itself as far as I can see.

All in all, very poor attempt to create a malware for Series 60. I am sure you can get much higher propagation by installing an autoexec worm inside of S60 warez releases.

Other avenue to look into is malformed MMS message that does buffer overrun and allows to execute arbitrary code. Now this would be a real baddy because you will be infected as soon as you open a message.

Nice try, but no cake.

Not only Nokia series 60 are affected...

[capmilk]

...but also other Symbain OS phones like Sony Ericsson P800/P900 and Motorola a920/a925.