Viruses move to mobile phones (Cabir) Bluetooth
15 June 2004, 12:05 PM
#1
Scooby Regular
Thread Starter
Join Date: May 2003
Posts: 1,165
Likes: 0
Received 0 Likes
on
0 Posts
Viruses move to mobile phones (Cabir) Bluetooth
AV vendors are reporting a proof of concept for Nokia Series 60 phones
It repeatedly sends itself to the first Bluetooth-enabled device that it can find, regardless of the type of device (ie even a Bluetooth-enabled printer will be attacked if it is within range).
from Symantec
http://securityresponse.symantec.com...poc.cabir.html
EPOC.Cabir is a proof-of-concept worm that replicates on Nokia Series 60 phones. It repeatedly sends itself to the first Bluetooth-enabled device that it can find, regardless of the type of device (ie even a Bluetooth-enabled printer will be attacked if it is within range).
The worm spreads as a .SIS file, which is automatically installed into the "APPS" directory when the receiver accepts the transmission. Upon execution, it will display a message then copy itself to a directory that is not visible by default. The worm runs from this directory whenever the phone is rebooted, so it continues to work even if the files are deleted from the APPS directory.
Once the worm is running, it will constantly search for Bluetooth-enabled devices, and send itself to the first device that it finds. There is no payload, apart from the vastly shortened battery life caused by the constant scanning for Bluetooth-enabled devices.
Type: Worm
Infection Length: 15104 (caribe.sis), 11944 (caribe.app), 11498 (flo.mdl), 44 (caribe.rsc)
Systems Affected: EPOC
It repeatedly sends itself to the first Bluetooth-enabled device that it can find, regardless of the type of device (ie even a Bluetooth-enabled printer will be attacked if it is within range).
from Symantec
http://securityresponse.symantec.com...poc.cabir.html
EPOC.Cabir is a proof-of-concept worm that replicates on Nokia Series 60 phones. It repeatedly sends itself to the first Bluetooth-enabled device that it can find, regardless of the type of device (ie even a Bluetooth-enabled printer will be attacked if it is within range).
The worm spreads as a .SIS file, which is automatically installed into the "APPS" directory when the receiver accepts the transmission. Upon execution, it will display a message then copy itself to a directory that is not visible by default. The worm runs from this directory whenever the phone is rebooted, so it continues to work even if the files are deleted from the APPS directory.
Once the worm is running, it will constantly search for Bluetooth-enabled devices, and send itself to the first device that it finds. There is no payload, apart from the vastly shortened battery life caused by the constant scanning for Bluetooth-enabled devices.
Type: Worm
Infection Length: 15104 (caribe.sis), 11944 (caribe.app), 11498 (flo.mdl), 44 (caribe.rsc)
Systems Affected: EPOC
Thread
Thread Starter
Forum
Replies
Last Post
Sam Witwicky
Engine Management and ECU Remapping
17
13 November 2015 10:49 AM
shorty87
Wheels And Tyres For Sale
0
29 September 2015 02:18 PM