Synopsis:
Cabir is a Symbian Series 60 worm that uses Bluetooth to spread itself to different devices. Once installed, it searches for nearby devices set in Bluetooth "Discoverable Mode" and if such a device is found, Cabir sends itself to target device. When the user of target device chooses to install Caribe.sis, Cabir will begin execution via auostart settings, and will begin to look for new devices to infect via Bluetooth.
Cabir can only send to one device per activation/reboot. This means each time the infected device is turned on, Cabir will search for nearby active Bluetooth devices. Cabir will then send itself to the first device it finds. The SIS file is always sent with the name Caribe.sis.
|
| |
|
 |
 |
| |
|
|
Other than propogating itself via Bluetooth, Cabir does not have any other inherently malicious effects. However due to its searching via Bluetooth, the infected phone may behave in an unstable manner.
Note that for the infection to spread the user must accept the connection on which the worm is sent. Cabir is detected by the SMobile VirusGuard detection engine. |
Cabir.Dropper: Cabir.Dropper is a trojan that drops the Caribe.sis file on the device.
CDropper is detected by SMobile VirusGuard Detection Engine. |
Variants in the CDropper family:
CDropper.B
CDropper.C
CDropper.D
CDropper.E
CDropper.F
CDropper.I
CDropper.J
Cdropper.K
|
Write Up: David P. 5.10.2006 |
