
Bluetooth worm "is a real threat" - patch available for Symbian phones

by Guy Kewney | posted on 09 May 2005


Because of its slow propagation and relatively minor damage potential, the world's Bluetooth Symbian phone users have failed to panic much over Cabir - but there are now new versions. And one uses MMS.


According to F-Secure, "Mabir is a worm that operates on Symbian Series 60 devices, and is capable of spreading both over Bluetooth and MMS messages."

The threat is still limited to "users too stupid to stay out of a trap." Like Cabir - which is still active in the wild - Mabir sends an application named Caribe to the phone - but the user has to press a button saying "Yes, install Caribe" before it can run. But where Cabir needed to find a Bluetooth phone in "discoverable" mode, Mabir can run over MMS messages.

The worm’s payload kills the worm itself; it can crash the Symbian operating system. This will force users to restore the device to factory settings, meaning a loss of applications and personal data - but also, the end of the worm's life on the device.

MMS isn't really much of a threat yet, since just about the only thing everybody knows about it for sure is that it doesn't work except for the lucky. Most attempts to set it up fail, and most users give up after two failed attempts. But that may change over the next six months as operators get to grips with the problems, and at that point the infection vector expands.

At this stage, fixing it is simple: log onto F-Secure, download F-Secure Mobile Anti-Virus, and follow the instructions.

But never underestimate the stupidity of phone users: according to Computer Weekly, the previous form of Mabir - Cabir - has now been spotted in Luxembourg. F-Secure says this is the 20th country that it has been found in - in the wild, not in a laboratory.

F-Secure's analysis of Mabir

Computer Weekly's report of Cabir in Luxembourg.

