Finnish mobile security software firm F-Secure is warning that the Cabir mobile phone worm has now been spotted in Luxembourg.
This represents the 20th country that the worm is present in since its initial discovery in August 2004. The worm is spread over devices transmitting data over Bluetooth.
F-Secure believes that there are now around 20 variants of Cabir, which has been infecting Symbian operating system-based mobile devices in Asia, North America and Europe.
The Cabir worm is packed in a Symbian installation file (.sis) and tries to spread further over Bluetooth. When installed in a mobile device it activates automatically and starts looking for new devices that use Bluetooth.
Once Bluetooth phones in discoverable mode are found, the worm tries to replicate by sending itself to them. The worm activates, if the user of the receiving phone chooses to accept and install the received file named caribe.sis, which contains the worm.
The worm’s payload has the potential to crash a mobile device’s operating system and force users to restore the device to factory settings, meaning a loss of applications and personal data.
F-Secure is offering a patch against Cabir.