[Dshield] CELL PHONE WORM : EPOC_CABIR.A (proof of concept)

Anu Nayar anu.nayar.j8nl at statefarm.com
Tue Jun 15 20:39:08 GMT 2004


Worm Name: EPOC_CABIR.A
Aliases: EPOC.CABIR
Risk Rating: Low


Brief Description: 
This proof-of-concept worm spreads through BLUETOOTH-enabled devices. It
arrives as a .SIS file and installs itself in the APPS folder.

Its Product ID is set to (0x101F6F88), which basically targets Series 60
v0.9. The said setting is the most common and conservative choice for a
basic application because it is compatible to all existing Series 60
devices.

Here are some of the affected mobile phones:

Nokia 7650 
Nokia 7610 
Nokia 6620 
Nokia 6600 
Nokia 3650, 3600 
Nokia 3660, 3620 
Nokia N-Gage 
Panasonic X700 
Siemens SX1 
Sendo X 


In the Wild: Yes
Discovered: 6/15/2004
Detection available since: 6/15/2004
Language: English
Platform: Nokia Series 60
Encrypted: No
Size of virus: 15,092 Bytes

Details: 
Arrival and Installation 

This proof-of-concept worm spreads through BLUETOOTH-enabled devices. 

When it arrives, a series of messages appear. These messages warn the user
of the possible malicious nature of the file before finally being installed.

Product/Platform Compatibility

This worm has its Product ID set to (0x101F6F88), which basically targets
Series 60 v0.9. The said setting is the most common and conservative choice
for a basic application because it is compatible to all existing Series 60
devices.

Some Series 60 devices are as follows: 

Phones based on Nokia Series 60 Developer Platform 2.0:

Nokia 7610 
Nokia 6620 
Nokia 6600 
Panasonic X700 

Phones based on Nokia Series 60 Developer Platform 1.0:

Nokia 7650 
Nokia 3650, 3600 
Nokia 3660, 3620 
Nokia N-Gage 
Siemens SX1 
Sendo X 






More information about the list mailing list