News  General

June 14, 2004: First mobile phone virus discovered

No infections have been reported and the worm is harmless, but it is the first known working proof that mobiles are at risk from virus writers. The worm, known as Cabir, infects phones and devices running the Symbian operating system. When launched, the worm seeks out available Bluetooth devices and sends itself to them in the format of an .SIS file called caribe.sis. 

The worm was not sent out into the wild, but sent directly to anti-virus firms, who believe Cabir in its current state is harmless. However, it does prove that mobile phones are also at risk from virus writers. Experts also believe that the worm was developed by a group who call themselves 29A, a group of international hackers, as a "proof of concept" worm in order to catch world attention.


"It is a milestone in the timeline of viruses but technically is not that special," said Graham Cluley, a senior technology consultant at Sophos Anti-Virus. When the infected file is launched the mobile phone's screen displays the word "Caribe". Every time the mobile phone is turned on, the worm will launch itself and scan the area for other phones to infect, sending a copy of itself to any it finds. Mr Cluley sees it as an interesting first rather than something that needs to be of great concern to phone users.

Just how the phones were infected isn't known, but it would have been very easy, given that both were on public display in the Santa Monica, Calif., shop's window. Anyone walking past the store could have dosed the handsets via their built-in Bluetooth antennas. In announcing the infection, antivirus company F-Secure did not specify exactly when the infections were discovered.

While the worm is considered harmless because it replicates but does not perform any other activity, it will result in shortened battery life on portable devices due to constant scanning for other Bluetooth enabled devices. Mabir, a variant of Cabir, is capable of spreading not only via Bluetooth but also via MMS. By sending out copies of itself as a .sis file over cellular networks, it can affect even users who are outside the 10m range of Bluetooth.