Antivirus company Kaspersky Labs Ltd. said on Monday that it discovered the first-ever computer virus capable of spreading over mobile phone networks.
Cabir is a network worm that infects phones running the Symbian mobile phone operating system by Symbian Ltd. No infections have been reported. Cabir may be a proof of concept worm from an international group of virus writers known as 29a that is credited with the release of a recent virus, “Rugrat,” that targets Windows 64 bit operating systems, the Moscow-based company said.
Cabir spreads between mobile phones using a specially formatted Symbian operating system distribution (or SIS) file disguised as a security management utility. When the infected file is launched, the mobile phone’s screen displays the word “Caribe” and the worm modifies the Symbian operating system so that Cabir is started each time the phone is turned on.
Once it has infected a mobile phone, Cabir scans for other vulnerable phones using Bluetooth wireless technology, then sends a copy of itself to the first vulnerable phone it finds, Kaspersky said.
Nokia Corp. phones that use the Symbian operating system are vulnerable to the worm. Handsets made by other manufacturers may also be susceptible to Cabir, Kaspersky said.
The virus does not appear to have any malicious payload, which is consistent with other viruses, including Rugrat, that are believed to come from the 29a group, Kaspersky said.
In May, researchers from Symantec Corp. identified W634.Rugrat.3344 and linked it to a family of six viruses called W32.Chiton.gen that are all believed to be the work of the same author or group of authors. Each virus in the family demonstrates a different “first ever” infection technique, including W32.Shrug, the first known virus to use the Thread Local Storage structures in Windows NT, 2000 and XP to run virus code, and W32.Chthon, the first virus to run as a native application in Windows NT, 2000 and XP, Symantec said.
No other leading antivirus makers including Symantec Corp., Network Associates Inc. and Sophos PLC had issued advisories about Cabir late Monday.