Two new versions of the cell phone virus Cabir have been detected by Finnish security company F-Secure, which said December 28 that the source codes may actually be posted somewhere in cyberspace.
"[T]hese new variants seem to be recompiled versions based on original Cabir source code," F-Secure analyst Antti Vihavainen said in an announcement of Cabir.H and Cabir.I. "Which means that the Cabir source code is floating around in the underground. Which is bad news. We didn't know the sources were out there, and we've never seen them.
"[T]hese new Cabir variants fix a flaw that was slowing down original Cabir's spreading speed," Vihavainen continued. "Cabir originally would only spread to one new phone per reboot. Which explains why it so far has only managed to spread to eight countries (as far as we know), despite being in the wild for months already."
The worm sends itself as a Bluetooth file transmission to suitable target cell phones, F-Secure said, and keeps sending to the phone while it remains within range, finding new targets once the first target phone leaves range. And when people move around and new phones come in contact with each other, F-Secure continued, Cabir.H and Cabir.I can spread that much quicker.
The original Cabir was discovered on specially-formatted Symbian operating systems in June.
"[T]hese new Cabirs don't do anything directly destructive or malicious," Vihavainen said. "However, they do block all normal Bluetooth connectivity and they also drain the infected phones battery very fast. We have no reports of Cabir.H and Cabir.I in the wild yet. However, this is probably only a matter of time, as the virus writer behind these variants has publicly posted them on his Web page."
Since the original Cabir.A and Cabir.B were discovered in June, six Cabir variants were discovered prior to Cabir.H and Cabir.I, F-Secure said, as well as other bugs aimed at Symbian/Bluetooth systems, particularly three variants of a Trojan horse known as Skulls.
Vihavainen said these may be just the beginning of a new future of bug attacks against smartphones, including Trojans in games, screen savers, and other applications that could cause false billing, unwanted disclosure of stored information, and deleted or stolen user information.
"The best way to protect a smartphone against harmful content is to install automated antivirus software to the phone," Vihavainen said. "This is also the only way to get full protection against viruses that try to enter the phone for example over Bluetooth or Internet connections."
