17 June 2004 06:40
Kaspersky Unearths Cellphone Worm
Cyber-security specialist Kaspersky Labs has unearthed what is believed to be the world's first computer worm
designed to attack cellphones.
The caustic code targets high-tech Nokia "smart phones" that run on an operating system called Symbian and
sends itself to other phones using Bluetooth, a short-range wireless transmitter standard on some phones, said Denis
Zenkin, head of corporate communications at Moscow-based Kaspersky, on Wednesday.
Zenkin said the self-propagating virus was e-mailed to Kaspersky engineers anonymously late Monday, possibly by the
renegade programmers who wrote it, or by someone in the computer underground scene who wanted to draw attention to the
achievement.
A Spanish-based hacking group called 29A, which says it has members in Russia, Brazil and the Czech Republic, claims
to have created the worm. According to the group's web site, a new member named Vallez masterminded the
project.
The virus causes the word "Caribe," Spanish for Caribbean, to appear on the display panel of infected
phones.
Kaspersky, however, has exercised its unwritten right as the "discoverer" of the virus to rename it.
"We are not subject to the demands or wishes of a virus writer," company spokesman Alexei Zernov said.
Cabir, as the worm will henceforth be known in tech circles, may be revolutionary in targeting cellphones, but it
appears to be relatively benign compared to more traditional viruses. Aside from causing either "Caribe" or
"Caribe-VZ/29A" to appear on the screen of a stricken phone, the only other malicious act the code commits is
running down the battery by telling the phone to search continuously for other phones to infect via Bluetooth.
"We don't expect this worm to cause any kind of global outbreak," Zenkin said Wednesday. "The
Bluetooth technology it uses for spreading is mainly popular with IT professionals."
In what appears to be a mission statement, 29A wrote on its web site that its goal is not to cause damage, but to
create innovative viruses.
"We code viruses for the fun of it, because it's our hobby. Not because we want to harm other people or get
ourselves into intentional trouble," the statement said. "In general, we're against destructive payloads
and the spreading of viruses, but we do not forbid our members ... to include destructive payloads in their viruses nor
do we forbid our members to spread viruses."
While the dangers Cabir presents appear to be limited, cyber-security specialists were alarmed by the development,
saying that it paves the way for more destructive breeds of phone viruses.
"This is something everybody has been afraid of," said Steve Rabette, director of the Moscow-based FastNet
Solutions, a network support and security firm. "It's been predicted over the last 18 months that there will
be viruses for mobile phones."
Zenkin said that smart phones are complex enough to allow for elaborate and dangerous viruses.
"There's no great difference between a smart phone and an ordinary computer," Zenkin said. "Just
size. All the functions are really the same."
A cross-platform virus -- which could affect other brands that use Symbian software, including Siemens and Sony
Ericsson -- is right around the corner, Zenkin said.
A phone worm could be as sophisticated -- and damaging -- as a computer virus, Zenkin said.
"It's very possible to add functionality that can steal confidential information, address books, notes and
credit card information stored on your smart phone," Zenkin said.
Rabette, however, said that Cabir, though revolutionary, is not an easy virus to pick up.
Bluetooth, a radio transmission system that works on cellphones, as well as in some wireless computer systems, is
designed to have a range of about 10 meters, Rabette said.
Besides the range restriction, any transmission made with Bluetooth has to be approved manually by the cellphone
user. "Don't accept anything from somebody you don't know," Rabette said.
Bluetooth also has a "discoverability" feature that can make it invisible to other phones, Rabette
said.
Still, Rabette said that the existence of Cabir means more dangerous phone viruses would likely come along.
But such viruses will likely only affect relatively sophisticated phones.
"We don't expect malicious programs to appear on so-called 'traditional' mobile phones,"
Zenkin said. "Users cannot create their own applications. The system is closed, unlike in smart phones."
.TX-..**********************************************
[The Moscow Times] |
RUSSIA IN FACTS
