Source Code for Cabir Cell Phone Worm Released

Mobile anti-virus vendors are bracing for new and potentially dangerous mutants of the Cabir smart-phone worm.


Anti-virus vendors are bracing for a deluge of new and potentially dangerous mutants of the Cabir worm on smart phones running the Symbian Series 60 software.

That's because the source code used to create the original Cabir worm has been posted on the Internet by a member of an international virus-writing group.

According to an advisory from Kaspersky Lab senior virus analyst Aleks Gostev, the Cabir source code was previously accessible only to a limited number of people, including members of 29A, an international virus-writing group.

"It was a 29A member who wrote the original version of Cabir. We think it was planned to publish the source code in the next edition of the group's electronic journal. However, it looks that someone has already got access to the code, and now it's public. This will lead to a lot of new versions of Cabir, which has already been detected in the wild in 7 countries," Gostev said.

According to information released by security research firm F-Secure, at least seven Cabir variants and one new strain of the Skulls Trojan have been detected this month alone.

The first Cabir worm was discovered in June.

F-Secure virus tracker Jarno Niemela said all the new variants appear to be recompiled versions based on original Cabir source code, confirming fears that the source code has been made public.

Even more ominously, the new variants fix a flaw that limited the speed at which the original Cabir was able to spread. The worm, which replicates over Bluetooth connections, was originally programmed to spread to one new phone per reboot, but the new variants have been tweaked to spread to an unlimited number of phones per reboot, Niemela said in an alert.


"As soon as a suitable target phone is seen, the worm sends itself there as a Bluetooth file transmission and keeps sending itself to that phone while it is still in range. Once the target phone leaves the area, [the new variant] will find a new target and continue spreading," he explained.

Even though the worm has not been directly destructive or malicious, it is capable of blocking normal Bluetooth connectivity and completely draining the battery power from the infected phone.

In recent months, malicious hackers have used the Skulls Trojan to infect Symbian-based phones with the Cabir worm.
