Slashdot Mirror

← Back to Stories (view on slashdot.org)

Worm Developed for Nokia Series-60 Phones

Posted by CmdrTaco on from the reducing-cell-phone-calls-is-not-a-bad-thing dept.

Tuxedo Jack writes "It had to happen. The first worm designed specifically for cellular phones has been developed, and Cabir appears to be a way of effectively killing Nokia Series-60 cellular phones via shortening the battery life due to scanning for nearby Bluetooth devices and propagating itself. This still relies on a user to open it, so hopefully that won't be many, and those that do must use a file manager to find and kill the worm. At least it isn't a dialer!"

24 of 260 comments (clear)

  1. Dangerous Potential by CommanderData · · Score: 5, Insightful

    It had to happen sooner or later, with people predicting the cell phone will be your next computer.

    I guess Series 60 phone owners should be thankful that it just drains battery life. What if the worm sent 80,012 text messages to everyone in your contact list! Imagine the cell network congestion and billing chaos that would ensue... Lets hope cell phone manufacturers start tweaking their phone OSes to prevent that kind of disaster in the future!

    --
    Urge to post... fading... fading... RISING!... fading... fading... gone.
    1. Re:Dangerous Potential by ePhil_One · · Score: 3, Insightful

      I'm just wondering how long it will be until they figure out how to use a cell phone as a spam relay...

      --
      You are in a maze of twisted little posts, all alike.
    2. Re:Dangerous Potential by Anonymous Coward · · Score: 2, Insightful

      I guess Series 60 phone owners should be thankful that it just drains battery life. What if the worm sent 80,012 [slashdot.org] text messages to everyone in your contact list!

      I think the last decade of viruses have shown us that this kind of behaviour is fairly rare. Worms that spread and spread well usually do some subtle task that rarely directly affects the user, but en-masse can do a great amount of work. Sending spams, harvesting email addresses, DDoSing companies. It's all activity that subtly gains someone else something. A purely descructive PC worm is a rare thing

      And these Cellphone ones will be no different, I'll guess. Perhaps they'll call some sex line to get the owners some extra calls. Once a week a $5 call... I know many cell owners who wouldn't notice that, but it's extra money in the operator's pocket.

    3. Re:Dangerous Potential by Jim_Maryland · · Score: 2, Insightful

      I guess it won't be long till we see text message spam offering Norton/McAfee/etc... Anti-Virus software for phones.

      As you've said, the worm could be the first part of a more elaborate plan. As the anti-spam and anti-virus companies get more sophisticated, the spammers and virus writers keep ahead.

    4. Re:Dangerous Potential by dave1791 · · Score: 5, Insightful

      How about a worm that set the phone to silent mode or whatever they are calling the "beep just once, shut up and vibrate" mode these days? There would actually a worm with a noble purpose.

    5. Re:Dangerous Potential by HTH+NE1 · · Score: 4, Insightful

      With the capabilities of some phones, such malware could be used to send untraceable junk faxes, spam, dDoMS (multiple services), telemarketing to numbers on the donotcall list (and gathering unlisted cell phone numbers for marketing), defeating legal phone taps, even distributed wardialing to find that elusive number for Protovision.

      Whatever nefarious purpose which would require laundering your identity onto another unwitting victim could be done with a worm infecting cell phones, especially if it can spread quickly without user interaction and can establish a channel to listen to for orders (a hacked website). We're not there yet, but it won't be much longer.

      --
      Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
  2. Simple Fix by Brain+Stew · · Score: 5, Insightful

    Bluetooth should be turned off out of the box. If an end-user is smart enough to know they want Bluetooth, they probably won't get hit with this attack.

    --
    "Here's a spoiler: You're will die alone."-Triumph the Insult Comic Dog
    1. Re:Simple Fix by ack154 · · Score: 3, Insightful

      "Hey what's this bluetooth thing? I guess I'll just activate it to find out... Oh, shit, it looks like I got a virus." Um, I'm thinking some people probably WILL get hit with this.

  3. Yes, but how long until there is a dialer? Or... by Dagny+Taggert · · Score: 5, Insightful

    ...better yet, a dialer that propagates itself and then sends out pre-recorded sales calls. This may sound crazy now, but will it sound crazy three years from now?

    --
    Don't be a looter...and yes, I know that it's spelled with an "A" instead of an "E".
  4. History by Dark+Lord+Seth · · Score: 4, Insightful
    This still relies on a user to open it, so hopefully that won't be many

    Those who fail to learn from history, are condemned to repeat it.

    --
    Hate me!
  5. Oh those users... by cjellibebi · · Score: 4, Insightful
    >This still relies on a user to open it, so hopefully that won't be many.
    Famous last words...
  6. Uh, yeah. by dannyelfman · · Score: 5, Insightful
    Right, no one *EVER* opens attachments.

    ``Oh look, Johnny sent me a new ring tone''

    ZAP!

    Until software companies will devote serious time to making sure their products aren't vulnerable like this, we will continue to see these types of monkey business.

  7. And so it begins.... by hot_Karls_bad_cavern · · Score: 2, Insightful

    You network anything, it will be used by for shady purposes by unscrupulous folk. Think about that for a minute.

  8. Here we go. by ATAMAH · · Score: 4, Insightful

    I imagine that because of the cellphone frenzy there soon will be as much advertising (spam) in that medium as there is on the internet. Its just too big and too attractive a market to miss. And as cellphones get more and more features crammed into them - there will be viruses, worms, dialers. And they will be just as common.

    1. Re:Here we go. by liquidsin · · Score: 2, Insightful

      I don't think it will get as bad for a long time. Here in Canada, most people don't pay for bandwidth by the mb, but they pay for cell service by the minute. Unlimited cell plans are pretty fucking expensive, from what I've seen. So people are less likely to raise a stink over email spam or web ads than they are over cell telemarketing or sms spam, since most of us still pay per message / minute. And it's a hell of a lot easier to track down the pig fuckers spamming you over a cell network.

      --
      do not read this line twice.
    2. Re:Here we go. by frostman · · Score: 2, Insightful

      The main reason SMS-spam is so rare is because you have to pay for every SMS you send. (One exception: the network provider you are currently connected to can send you SMS-s for "free" so of course you get the occasional spam from your provider or whoever you're roaming on.)

      The next biggest reason is that SMS *requires* identification.

      Now, imagine a bunch of infected phones...

      Free SMS-spam with meaningless (since vastly distributed and zombied) originating numbers.

      Uh-oh.....

      --

      This Like That - fun with words!

  9. anti-virus software people jumping for joy by Nonillion · · Score: 5, Insightful

    I guess now the anti-virus software people now have themselves a new market to penetrate. I guess windows boxes were not enough to maintain their business model.

    --
    "I bow to no man" - Riddick
  10. Re:Yes, but how long until there is a dialer? Or.. by FinestLittleSpace · · Score: 2, Insightful

    i still sit happily with my nokia 3210. IT makes phone calls, it texts. im not sure what else i need........

  11. Who so i sue for damages ? by Anonymous Coward · · Score: 1, Insightful


    when a dialer does cost me money because of a self propogating worm due to a weakness in the phones OS (out of my control)
    do they become another microsoft get you to waive any claims due to a fault that is out of your control but their product caused it ?, no recall on this phone/OS then ?, surely the legal ramifications are boggling

  12. Engineering practice by earthforce_1 · · Score: 4, Insightful


    It has to be assumed that any system open to the general public, can be expected to come under hostile attack from hackers/spammers/criminals/terrorists. All hardware and software deployed in the field needs to be examined carefully for this. It is even more critical when you have a "monoculture" of HW/SW, since one exploit compromises the whole system.

    History has shown time and time again, hackers will expend a great deal of effort to compromise any accessible system even if just for the heck of it.

    --
    My rights don't need management.
  13. golf clap to parent by Anonymous Coward · · Score: 1, Insightful
    Congrats on choosing "especially" (meaning in particular) as opossed to "specially" (meaning peculiar or exceptional).

    Seems like noone cares about the difference, anyway...

  14. Re:Killer App by Sven+Tuerpe · · Score: 2, Insightful
    I'd say the risks outweigh the gains here.

    Don't get me wrong, being a security researcher I fully agree with the proposal to have devices that are secure out of the box. However, I doubt those devices could gain any market share against devices that are fun out of the box before any major disaster occured. Security, as well as vulnerability, tends to be invisible unless it gets in your way. The majority of the users of cellphones has no idea how vulnerable their devices are, and how it might affect them. What they are aware of are all the funny new features in their next-generation phone that shouldn't be there at all from a security point of view. In such a market, I guess, we will achieve security only after disaster.

    --
    http://erichsieht.wordpress.com/category/english/
  15. Re:Cross platform via bluetooth by Animats · · Score: 2, Insightful
    Yes. This virus will apparently attack Bluetooth-enabled printers. It's not clear how successful the attacks are. But there may be an attack route there.

    Printers are a great potential target for spammers. Visualize Viagra ads appearing on your printer.

  16. Only if the phone is running Windows. by NumbThumb · · Score: 2, Insightful

    no, seriously: if the phone is running WinCE, a VBS-Based Worm would have no problems moving from phones to computers and back. The platform-barrier would be gone.

    The same could be said about java-based phones, but i doubt a java-worm ould be very successful, because of the low-level security build into the VM.

    --
    I have discovered a truly remarkable sig which this 120 chars is too small to contain.