Cabir’s first year

Today, Cabir celebrates its first birthday. One year ago, 29a sent a sample of their latest creation to AV vendors worldwide via Virusbuster, a Spanish virus collector. Kaspersky Lab was first to detect this proof of concept malware, which turned out to be a worm that targeted mobile phones running under the Symbian 60 OS with Bluetooth capabilities.

The source code for the original Cabir appeared on the Net in late December 2004, which led to a number of copycat variants appearing in the wild. Cabir infections have been registered in over 30 countries to date.

In addition, there are now close to 100 malicious programs targeting mobile phones, most of which are Trojans. This highlights two important aspects: operating systems for mobile devices are very insecure thus far, and users need to realize that mobile devices are vulnerable to the same type of attacks as regular PCs.

So, how soon will it be before the proof-of-concept trickle turns into a flood? It’s difficult to be sure. However, there are two issues to consider. First, experience has shown that malware authors target systems that are commonly used. Ownership of mobile devices hasn’t yet reached critical mass; but when it does, they will prove an irresistible target. Second, it’s clear from developments during the last two years that the computer underground has realized the potential for making money from malicious code in a world where Internet connectivity has become central to business.

Today’s threats are largely geared towards making money illegally: through fraud, unwanted advertising (including spam) and extortion. Since mobile devices offer users the same capabilities as PCs, they also offer the same rewards for the criminal underground.