Anti-virus company Kaspersky Labs has discovered the first-ever computer virus capable of spreading over mobile...
Cabir is a network worm that infects phones running the Symbian mobile phone operating system. However, no infections have been reported.
This may be a proof of concept worm from an international group of virus writers known as 29a that is credited with the release of a recent virus, "Rugrat", which targets Windows 64-bit operating systems.
Cabir spreads between mobile phones using a specially formatted Symbian operating system distribution (or SIS) file disguised as a security management utility. When the infected file is launched, the mobile phone's screen displays the word "Caribe" and the worm modifies the Symbian operating system so that Cabir is started each time the phone is turned on.
Once it has infected a mobile phone, Cabir scans for other vulnerable phones using Bluetooth wireless technology, then sends a copy of itself to the first vulnerable phone it finds.
Nokia phones which use the Symbian operating system are vulnerable to the worm. Handsets made by other manufacturers may also be susceptible to Cabir.
The virus does not appear to have any malicious payload, which is consistent with other viruses, including Rugrat, which are believed to come from the 29a group.
In May, researchers from Symantec identified W634.Rugrat.3344 and linked it to a family of six viruses called W32.Chiton.gen which are all believed to be the work of the same author or group of authors.
Each virus in the family demonstrates a different "first ever" infection technique, including W32.Shrug, the first known virus to use the Thread Local Storage structures in Windows NT, 2000 and XP to run virus code, and W32.Chthon, the first virus to run as a native application in Windows NT, 2000 and XP.
No other leading anti-virus makers including Symantec, Network Associates and Sophos have issued advisories about Cabir.
Paul Roberts writes for IDG News Service