SUB-S0NIX

"Cabir" Cellular Worm

19 posts in this topic

p2pnet.net News:- The first in-the-wild sighting of the Cabir mobile virus has been made in the US.

The ‘sighting’ was in California, says F-Secure.

But, “This is not going to be the end of the world,” says research director Mikko Hypponen.

“The common Cabir variants have been proved to be very slow in spreading in-the-wild.

“Also, Symbian-based phones probably aren't as common in USA as elsewhere yet (then again, Symbian has over 80% global market share in the operating systems of new phone shipments).”

The company says countries which have become unwilling hosts to Cabir include the Philippines; Singapore; UAE; China; India; Finland; Vietnam; Turkey; Russia; the UK; and, the USA, says F-Secure, which recently identified two Cabir variants affecting Symbian Series 60 phones.

Its timeline of events taking in e-parasites with a taste for mobiles goes like this:

In spring 2004, a trojanized game called Mosquitos was found. It secretly sent messages to expensive toll numbers, creating invisible costs for the user.

June 15th: Cabir worm was found. Cabir is a worm that replicates over-the-air using bluetooth connections.

June 16th: Cabir.B is found. This new variant had minor differences compared to the original.

During the autumn, Cabir.B started spreading in the wild. It has been detected in several countries since, including China, India, Turkey, Philippines and Finland. It continues spreading today, travelling from one country to another as people with infected phones travel.

November 19th: Skulls.A trojan is found. It replaces icons on the phone with skull images, making the phone almost useless.

November 29th: Skulls.B is found

December 9th: Cabir.C is found

December 9th: Cabir.D is found

December 9th: Cabir.E is found

December 21st: Skulls.C is found

December 21st: Cabir.F is found

December 21st: Cabir.G is found

***************** From F-Secure.org/weblog/ *****************

Well, it had to happen sooner or later. We've just heard about the first in-the-wild sighting of Cabir in USA. This was in California.

This is not going to be the end of the world; the common Cabir variants have been proved to be very slow in spreading in-the-wild. Also, Symbian-based phones probably aren't as common in USA as elsewhere yet (then again, Symbian has over 80% global market share in the operating systems of new phone shipments).

According to our notes, the list of countries Cabir has been spotted in so far looks like this:

1. Philippines

2. Singapore

3. UAE

4. China

5. India

6. Finland

7. Vietnam

8. Turkey

9. Russia

10. UK

11. USA

Image: http://www.f-secure.com/weblog/archives/cabirworld.jpg

PS. We've been getting several reports of Cabir from downtown Moscow. Apparently it's fairly common to get a Cabir file offer if you walk around with your bluetooth enabled. We haven't been able to confirm which variant of Cabir this is.

PS2. The 3GSM World Congress 2005 started today in Cannes. This is the biggest conference on mobile issues, and mobile phone security is expected to be one of the hottest topics this year.

---------------------------------------------------------------------------

I thought I would just post this for those with those Bluetooth phones. Also, has anyone ever caught one of these worms? It would be interesting to get ahold of an infected phone and use a data cable and some software to copy the worm. Hell, I bet some people are placing BlueTooth HotSpots that scan for vulnerable phones and infect the phone. That's what I would do if I were a malicious user.


Yay, I'm a psychic, I predicted that there would be a bluetooth worm in the future, for those of you who listen to endif.

> Yay, I'm a psychic, I predicted that there would be a bluetooth worm in the future, for those of you who listen to endif.

EndIf started... when?

> June 15th: Cabir worm was found. Cabir is a worm that replicates over-the-air using bluetooth connections.

Whoops Waaaaaaaaaaaaaayyyyy to go out on a limb there.... :D

(This article just points out a new /variant/ of Cabir)


lol check out hackermedia, the link in my sig, or the hackerradio section here. It was in episode 2. I did a whole segment on blue snarfing.


BR's point was that your show started six months after the worm had already been found and documented.


This is what spreads when phreakers sneeze without covering their mouths.


Did you hear about the people in the Philippines that were making money off a virus that no one had problems with back in August? Don't remember which one it was....

> This is what spreads when phreakers sneeze without covering their mouths.

I thought that sounded more like "BLYEACHUGHHH"

> BR's point was that your show started six months after the worm had already been found and documented.

Stop shooting down my dreams of being a psychic. But ya. I'm really surprised that there hasn't been a lot more talk about this since it seems to be one of the first. As far as I know at least there hasn't been a lot of talk. It will be interesting to see what happens anti-virus wise in the next few years for cell phones as they are getting more and more memory and faster. Especially with the palm type phones like the Treo.


I do agree Spaz, it is just another thing to deal with in this techno age we live in.

But as the article said:

> In spring 2004, a trojanized game called Mosquitos was found. It secretly sent messages to expensive toll numbers, creating invisible costs for the user.

In a sense those TOLL NUMBERS were probably owned by the mobile viri writer, which in turn creates a get rich quick scheme. This also reminds me of an article I read about back in the day when pagers were popular, some guy got a hold of a shit load of pager numbers and set up a 900 # for like 5$ per minute. He would then page his shit load of pagers and people would call the 900 # not knowing they were going to be charged. The article said the guy made a good 10 G$ in one month of his scheme, he ended up getting caught because of course someone caught on.

I have never experienced a BlueTooth phone or have exploited one and executed such hacks that are known for vulnerable phones but it could be possible to make a BlueTooth enabled phone call a desired 900 # and one could rake in some $$ fast.

Yo Renegade can you go more into detail about what you're talking about?

Edited by SUB-S0NIX

Have to see if I can find it. But they were tellin people they had a virus on their cell, and makin them pay like 20$ to fix it. When in reality nothing was wrong. All because there was said to be a virus out there. I wanna move to the Philippines and make money.

Wanna go with toilet boy.....

> In a sense those TOLL NUMBERS were probably owned by the mobile viri writer, which in turn creates a get rich quick scheme. This also reminds me of an article I read about back in the day when pagers were popular, some guy got a hold of a shit load of pager numbers and set up a 900 # for like 5$ per minute. He would then page his shit load of pagers and people would call the 900 # not knowing they were going to be charged. The article said the guy made a good 10 G$ in one month of his scheme, he ended up getting caught because of course someone caught on.
>
> I have never experienced a BlueTooth phone or have exploited one and executed such hacks that are known for vulnerable phones but it could be possible to make a BlueTooth enabled phone call a desired 900 # and one could rake in some $$ fast.
>
> Yo Renegade can you go more into detail about what you're talking about?

WTF, how do people call A 900 NUMBER, hear an announcement of how much they will be charged, stay on the line, and then complain they don't know where charges came from!


I don't think all 900 numbers will tell you how much you're being charged. Anyway, maybe this guy was paging people with an 800 number that led to a 900 number?


Or it could be outside the NANPA where everything you know is wrong.

My guess it was just crazy LD numbers, and probably a 13 year old did it to prove that he could. :)

And GIJoe, the numbers can be dialed without the owner's knowledge.


Whatever happened to blue boxing, red boxing and dumpster diving. That's a phreak age I wish I could live in forever. Easy to mess with payphones and easy to mess with numbers. This is another case of white hat black hat style learning if you think of it.

Edited by Spaz101

The d-diving and numbers will still be around for some time I feel, but soon, hacking and phreaking will be one, sad? kinda...

> He would then page his shit load of pagers and people would call the 900 # not knowing they were going to be charged.

I know BlackRachet, this is the part I was talking about

> The d-diving and numbers will still be around for some time I feel, but soon, hacking and phreaking will be one, sad? kinda...

Well I still dive but I'm waiting to see people hack the net on a cell and put out proxies on a cell or something of that sort. cyber punk style
