F-Secure finds 2 Cabir variants
p2pnet.net News:- F-Secure says it’s found two bad news Cabir variants affecting Symbian Series 60 phones.
Posting on the company’s blog, Jarno says:
“First of all, these new variants seem to be recompiled versions based on original Cabir source code. Which means that the Cabir source code is floating around in the underground. Which is bad news. We didn’t know the sources were out there, and we’ve never seen them.
“Second important difference is that these new Cabir variants fix a flaw that was slowing down original Cabir’s spreading speed. Cabir originally would only spread to one new phone per reboot. Which explains why it so far has only managed to spread to eight countries (as far as we know), despite being in the wild for months already.”
Cabir.H and Cabir.I can spread to an unlimited number of phones per reboot, Jarno says, going on:
“As soon as a suitable target phone is seen, the worm sends itself there as a Bluetooth file transmission and keeps sending itself to that phone while it is still in range. Once the target phone leaves the area, Cabir.H will find a new target and continue spreading. This means that in conditions where people move around and new phones come in contact with each other, the Cabir.H and Cabir.I can spread quite rapidly.”
The new Cabirs aren’t directly destructive or malicious, but they do block all normal Bluetooth connectivity and drain the infected phones’ batteries - fast.
Jarno adds that F-Secure hasn’t yet seen reports of Cabir.H or Cabir.I in the wild, but it’s “probably only a matter of time” because the author has publicly posted them on his web page.
===================
See:-
company’s blog - Evolution in Cabir variants, F-Secure, December 27, 2004




