Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Security

Worm Developed for Nokia Series-60 Phones 260

Posted by CmdrTaco from the reducing-cell-phone-calls-is-not-a-bad-thing dept.
Tuxedo Jack writes "It had to happen. The first worm designed specifically for cellular phones has been developed, and Cabir appears to be a way of effectively killing Nokia Series-60 cellular phones via shortening the battery life due to scanning for nearby Bluetooth devices and propagating itself. This still relies on a user to open it, so hopefully that won't be many, and those that do must use a file manager to find and kill the worm. At least it isn't a dialer!"
This discussion has been archived. No new comments can be posted.

Worm Developed for Nokia Series-60 Phones More

Worm Developed for Nokia Series-60 Phones

Comments Filter:

  • Dangerous Potential (Score:5, Insightful)

    by CommanderData ( 782739 ) * <kevinhi@yaho[ ]om ['o.c' in gap]> on Tuesday June 15, 2004 @10:04AM (#9429222)
    It had to happen sooner or later, with people predicting the cell phone will be your next computer [slashdot.org].

    I guess Series 60 phone owners should be thankful that it just drains battery life. What if the worm sent 80,012 [slashdot.org] text messages to everyone in your contact list! Imagine the cell network congestion and billing chaos that would ensue... Lets hope cell phone manufacturers start tweaking their phone OSes to prevent that kind of disaster in the future!

    • Re:Dangerous Potential (Score:4, Insightful)

      by ePhil_One ( 634771 ) on Tuesday June 15, 2004 @10:08AM (#9429261) Journal
      I'm just wondering how long it will be until they figure out how to use a cell phone as a spam relay...

    • Re:Dangerous Potential (Score:2, Insightful)

      by Anonymous Coward
      I guess Series 60 phone owners should be thankful that it just drains battery life. What if the worm sent 80,012 [slashdot.org] text messages to everyone in your contact list!

      I think the last decade of viruses have shown us that this kind of behaviour is fairly rare. Worms that spread and spread well usually do some subtle task that rarely directly affects the user, but en-masse can do a great amount of work. Sending spams, harvesting email addresses, DDoSing companies. It's all activity that subtly gains

      • Re:Dangerous Potential (Score:4, Interesting)

        by CommanderData ( 782739 ) * <kevinhi@yaho[ ]om ['o.c' in gap]> on Tuesday June 15, 2004 @10:15AM (#9429352)
        I would agree that silently spreading could work to it's advantage. If you combine the two concepts with a time-bomb that causes the code to execute at a certain future date it could be even more of a problem. Every cell tower everywhere overloaded with messaging and calls on April 1st, 2005 for example.
        • I guess it won't be long till we see text message spam offering Norton/McAfee/etc... Anti-Virus software for phones.

          As you've said, the worm could be the first part of a more elaborate plan. As the anti-spam and anti-virus companies get more sophisticated, the spammers and virus writers keep ahead.

        • Re:Dangerous Potential (Score:4, Interesting)

          by mikael ( 484 ) on Tuesday June 15, 2004 @10:40AM (#9429619)
          Fortunately, people are discarding their old mobile phones, and buying new ones every six months. At least, users aren't able to save application programs in SIM card memory. I always wonder why thin client mobile phones (where everything is stored on a server, rather than on the phone itself) haven't taken off.

      • Re:Dangerous Potential (Score:5, Insightful)

        by HTH NE1 ( 675604 ) on Tuesday June 15, 2004 @11:40AM (#9430370)
        With the capabilities of some phones, such malware could be used to send untraceable junk faxes, spam, dDoMS (multiple services), telemarketing to numbers on the donotcall list (and gathering unlisted cell phone numbers for marketing), defeating legal phone taps, even distributed wardialing to find that elusive number for Protovision.

        Whatever nefarious purpose which would require laundering your identity onto another unwitting victim could be done with a worm infecting cell phones, especially if it can spread quickly without user interaction and can establish a channel to listen to for orders (a hacked website). We're not there yet, but it won't be much longer.
    • Lets hope cell phone manufacturers start tweaking their phone OSes to prevent that kind of disaster in the future!

      Or lets hope that everyone starts tweaking their OSes to prevent that kind of disaster in the future!

    • Proof of Concept == NOT in the wild (Score:4, Informative)

      by ericspinder ( 146776 ) on Tuesday June 15, 2004 @11:29AM (#9430237) Journal
      # Number of infections: 0 - 49

      # Number of sites: 0 - 2
      # Geographical distribution: Low
      # Threat containment: Easy
      # Removal: Moderate
      Yes, proof of concepts are usually converted to full blown viruses/worms/trojans pretty quickly, but I see a number of mitigating factors for this kind of attack:
      • Bluetooth has a 30 ft range.
      • by shorting battery life users will be less likely to carry it to remote systems (a dead phone cannot transmit it).
      • Bluetooth connections must be accepted.
      • The file also must be accepted.
      It is very similar to a virus being spread by email attachments. Most likely the only fix for this would be a stronger warning on the phone when a file is being passed from a Bluetooth connection.

  • Site is down... (Score:4, Informative)

    by Mz6 ( 741941 ) * on Tuesday June 15, 2004 @10:05AM (#9429223) Journal
    Well... I couldn't get the Symantec site to come up.. Is Anyone else having similar problems?

    After searching Google news and other sources I could not find a similar story anywhere besides this similar story posted on ZDnet Australia [zdnet.com.au]. The only problem is that it was dated back 10 February 2004. Not sure if it's the same story... or same worm but worth a read for those that cannot get out to Symantec.

  • K.I.S.S. - simplicity is key (Score:5, Informative)

    by ack154 ( 591432 ) * on Tuesday June 15, 2004 @10:05AM (#9429224)
    I'd just like to say that this is why it's still nice to have a phone with relatively limited features - well, that and it's a Motorola (T720). I don't have to worry about the Bluetooth stuff, and I don't even have web access activated on it.

    Also, according to the SARC article linked - this worm will attack any bluetooth device that it finds in it's range - not just phones - SARC uses a printer as an example, but what about those nice bluetooth mice/keyboards and PDAs, etc?

    They have an image of the phone [symantec.com] with the message displayed on it too.

    • Re:K.I.S.S. - simplicity is key (Score:5, Informative)

      by boskone ( 234014 ) on Tuesday June 15, 2004 @10:14AM (#9429342)
      umm, the t720 is a hugely complicated phone. It can browse the web, display pictures, play games. I would not classify it as "basic" even though newer phones do more.

      as an aside, does yours ever lock up so hard that you have to pop the battery out to reset it?

    • Re:K.I.S.S. - simplicity is key (Score:4, Funny)

      by Prince Vegeta SSJ4 ( 718736 ) on Tuesday June 15, 2004 @10:26AM (#9429479)
      but what about those nice bluetooth mice/keyboards and PDAs, etc? PDAs I would think so, but doesn't a device need some sort of OS to get infected?

      the again, maybe thats why my mouse will be in a different spot in the morning than where I left it the night before, plus I'm noticing more LCD droppings. maybe he has a Virus?

    • How's this for a simple phone, I still use a Nokia 2160! Can't send text messages, no 'tooh' of any colour, no web access, no camera. Just a phone, how about that! I can talk into it, which is why I use it. Digital/analog with an extendable antenna. The keys are large enough to press them (singly), and it is obvious what they do with minimal multi-function keys.

      It is large and heavy (the long life battery alone is larger and heavier than most modern phones) but it works well for a long time and there

    • Fake simplicity -- lockout by telco and vendors (Score:4, Interesting)

      by swb ( 14022 ) on Tuesday June 15, 2004 @10:48AM (#9429720)
      I have a T730 with Verizon and the phone isn't KISS at all, it's pretty complicated, capable of downloading and running software.

      What bothers me is the *fake* simplicity and lockout. Why can't I just hook this phone to my PC with the USB cable and access the filesystem, transfering programs, ringtones, images and so on to the phone? With the phone software I can get some address book sync (it's such a shitty package, I regret buying it).

      Of course, I know it's all about Verizon making money off of downloads, but its such bullshit selling a "closed" device with fake simplicity. Yes, I know I can get warez copies of Moto phone tools, but how much harder would it be to make the phone show up as a USB storage device? The addressbook as a CSV file? A directory each for tones and images?

  • Semantics (Score:3, Informative)

    by American AC in Paris ( 230456 ) * on Tuesday June 15, 2004 @10:05AM (#9429226) Homepage
    If it cannot infect a system without the user's help, it isn't a worm. It's a virus.

    Sure, the difference isn't that big a deal, but to most people, there isn't any real difference between Linux and Unix...

    • Re:Semantics (Score:5, Informative)

      by shird ( 566377 ) on Tuesday June 15, 2004 @10:11AM (#9429303) Homepage Journal
      No.. that would make it a trojan.

      The definition of a worm isn't to do with whether or not it needs a user to run it - its just about whether it propgates via a network by itself rather than having users do the spreading.

      A virus hides itself in other executables and runs itself via proxy with the user not realising it. But it gernerally requires the user to do the distribution (generally without realising it).

      A trojan is simply a program which is malicous but pretends to be something else. If it happens to spread itself when run that doesn't make it a worm or a virus, but just a self spreading trojan. It would be closer to a trojan-slash-worm than a virus.

      • Re:Semantics (Score:4, Informative)

        by American AC in Paris ( 230456 ) * on Tuesday June 15, 2004 @11:43AM (#9430405) Homepage
        Urgh, this is what I get for posting before coffee. I had been relying on the /. blurb, since I couldn't reach Symantec (Akamai, perhaps?) Turns out the blurb wasn't entirely accurate, anyhow. From Symantec:

        The worm spreads as a .SIS file, which is automatically installed into the "APPS" directory when the receiver accepts the transmission. Upon execution, it will display a message then copy itself to a directory that is not visible by default. The worm runs from this directory whenever the phone is rebooted, so it continues to work even if the files are deleted from the APPS directory.

        ...so you're right--this is a classic trojan horse. As for the definition of 'worm', I prefer the Jargon File's version (if nothing else, it's most likely the oldest contextually-appropriate definition:)

        "[a worm is] A program that propagates itself over a network, reproducing itself as it goes."

        ...so according to TJF, it's not sufficient that it transmits itself--it must also reporoduce itself, which implies that the worm must be an autonomous program.

    • Re:Semantics (Score:5, Informative)

      by Tranzig ( 786710 ) <voidstar@freemail.hu> on Tuesday June 15, 2004 @10:14AM (#9429345)
      Actually the difference between viruses [wikipedia.org] and worms [wikipedia.org] is that worms are standalone programs while viruses need to infect other executables to be effective.

    • Re:Semantics (Score:5, Funny)

      by earthforce_1 ( 454968 ) <earthforce_1@y[ ]o.com ['aho' in gap]> on Tuesday June 15, 2004 @10:17AM (#9429379) Journal

      > Sure, the difference isn't that big a deal, but to most people, there isn't any > real difference between Linux and Unix...

      Especially if you work for SCO!

  • Simple Fix (Score:5, Insightful)

    by Brain Stew ( 225524 ) <zackwag@@@verizon...net> on Tuesday June 15, 2004 @10:06AM (#9429231) Homepage
    Bluetooth should be turned off out of the box. If an end-user is smart enough to know they want Bluetooth, they probably won't get hit with this attack.

    • Re:Simple Fix (Score:4, Insightful)

      by ack154 ( 591432 ) * on Tuesday June 15, 2004 @10:10AM (#9429285)
      "Hey what's this bluetooth thing? I guess I'll just activate it to find out... Oh, shit, it looks like I got a virus." Um, I'm thinking some people probably WILL get hit with this.

    • Re:Simple Fix (Score:4, Informative)

      by cjellibebi ( 645568 ) on Tuesday June 15, 2004 @10:12AM (#9429308)
      Anyone interested in the practice of Toothing [bbc.co.uk] ends up leaving their Bluetooth on. For more info on Toothing, see also here [blogspot.com] (Search for "toothing" in the page that appears - there's even a link to the Toothing forums).

    • Re:Simple Fix (Score:5, Interesting)

      by Sven Tuerpe ( 265795 ) <{sven} {at} {gaos.org}> on Tuesday June 15, 2004 @10:25AM (#9429461) Homepage
      Bluetooth should be turned off out of the box.

      What really will happen is this: some day somebody develops a killer application based on Bluetooth, something that implies fun. Handset manufacturers will happily add it to their products. Their usability tests will yield that Bluetooth must be enabled out of the box, or most users won't even notice the new killer app. So they will not only enable Bluetooth by default, but also firmly believe they have to do it this way.

      • Yes, but right now the "killer application" is a worm. So far it's only been good at killing batteries. Had it, say, included a 1-900 dialer or mass textmessage spammer, it might also have killed one's bank account.

        I'd say the risks outweigh the gains here. If somebody is able to download a new app for their phone, the app itself could probably enable bluetooth for them.

        • Re:Killer App (Score:3, Insightful)

          by Sven Tuerpe ( 265795 )

          I'd say the risks outweigh the gains here.

          Don't get me wrong, being a security researcher I fully agree with the proposal to have devices that are secure out of the box. However, I doubt those devices could gain any market share against devices that are fun out of the box before any major disaster occured. Security, as well as vulnerability, tends to be invisible unless it gets in your way. The majority of the users of cellphones has no idea how vulnerable their devices are, and how it might affect the

      • toothing ? Surely implies fun.
    • The average user doesn't look at "am I turning functionality on that'll make me vulnerable", he or she is looking at "how do I turn on functionality so I can do X fun thing" (where X is text messaging, gaming, etc). The functionality is second to the application, and it's why we're in the mess of security involved with the internet right now (user doesn't think about the ramifications of installing that chat or file sharing app).
  • ...better yet, a dialer that propagates itself and then sends out pre-recorded sales calls. This may sound crazy now, but will it sound crazy three years from now?

  • History (Score:5, Insightful)

    by Dark Lord Seth ( 584963 ) on Tuesday June 15, 2004 @10:06AM (#9429243) Journal
    This still relies on a user to open it, so hopefully that won't be many

    Those who fail to learn from history, are condemned to repeat it.

  • Oh those users... (Score:5, Insightful)

    by cjellibebi ( 645568 ) on Tuesday June 15, 2004 @10:07AM (#9429245)
    >This still relies on a user to open it, so hopefully that won't be many.
    Famous last words...

  • Cross platform via bluetooth (Score:3, Interesting)

    by LittleLebowskiUrbanA ( 619114 ) on Tuesday June 15, 2004 @10:09AM (#9429272) Homepage Journal
    Is a virus that spreads via phone to computer or vice versa possible?
    • Maybe possible... but unlikely, I'd think. Not only would the phone virus have to carry a PC version of itself, it'd need to access the computer, via Bluetooth, in such a way that it could execute code...

    • A virus spreading using phones and PCs could be possible.

      But there are many technical quirks to take into account, beginning with the fact that PCs and phones have different hardware architectures. A huge barrier.

    • Yes. This virus will apparently attack Bluetooth-enabled printers. It's not clear how successful the attacks are. But there may be an attack route there.

      Printers are a great potential target for spammers. Visualize Viagra ads appearing on your printer.

  • Uh, yeah. (Score:5, Insightful)

    by dannyelfman ( 717583 ) on Tuesday June 15, 2004 @10:13AM (#9429320)
    Right, no one *EVER* opens attachments.

    ``Oh look, Johnny sent me a new ring tone''

    ZAP!

    Until software companies will devote serious time to making sure their products aren't vulnerable like this, we will continue to see these types of monkey business.

    • I wouldn't be *TOO* hard on companies. It is tough to find every loophole and exploit! A company might have a team of 10-15 people developing this software. The hacker community comprises of a lot more then 10-15 people. So the odds are against the companies. All it takes is someone finding one single hole and they attack it. This is part of the reason why Windows gets more viruses then say MAC; because there are way more windows users and way more windows hackers then there are MAC users/hackers. Whil

  • And so it begins.... (Score:3, Insightful)

    by hot_Karls_bad_cavern ( 759797 ) on Tuesday June 15, 2004 @10:13AM (#9429328) Journal
    You network anything, it will be used by for shady purposes by unscrupulous folk. Think about that for a minute.

  • 'toothing (Score:3, Funny)

    by Anonymous Coward on Tuesday June 15, 2004 @10:14AM (#9429335)
    So... This is the digital equivalent of an STD for 'toothers, right?

  • Next Question will be..... (Score:4, Funny)

    by HighOrbit ( 631451 ) on Tuesday June 15, 2004 @10:15AM (#9429354)
    How did these 1-900 charges get on my phone bill?
    • Good question. What will the phone companies do as anti-spam, anti-virus measures? What about a service that blacklists any number not in your phonebook? What if viruses specifically target the phone book?

      In case of this particular virus I understand it was bluetooth based -- what about phone manufacturers? Firmware flash updates, anyone?

  • Here we go. (Score:5, Insightful)

    by ATAMAH ( 578546 ) on Tuesday June 15, 2004 @10:16AM (#9429364)
    I imagine that because of the cellphone frenzy there soon will be as much advertising (spam) in that medium as there is on the internet. Its just too big and too attractive a market to miss. And as cellphones get more and more features crammed into them - there will be viruses, worms, dialers. And they will be just as common.

    • Re:Here we go. (Score:3, Insightful)

      by liquidsin ( 398151 )
      I don't think it will get as bad for a long time. Here in Canada, most people don't pay for bandwidth by the mb, but they pay for cell service by the minute. Unlimited cell plans are pretty fucking expensive, from what I've seen. So people are less likely to raise a stink over email spam or web ads than they are over cell telemarketing or sms spam, since most of us still pay per message / minute. And it's a hell of a lot easier to track down the pig fuckers spamming you over a cell network.

    • Re:Here we go. (Score:3, Insightful)

      by frostman ( 302143 )
      The main reason SMS-spam is so rare is because you have to pay for every SMS you send. (One exception: the network provider you are currently connected to can send you SMS-s for "free" so of course you get the occasional spam from your provider or whoever you're roaming on.)

      The next biggest reason is that SMS *requires* identification.

      Now, imagine a bunch of infected phones...

      Free SMS-spam with meaningless (since vastly distributed and zombied) originating numbers.

      Uh-oh.....

  • Great (Score:5, Funny)

    by Anonymous Coward on Tuesday June 15, 2004 @10:16AM (#9429367)
    Remind me to bring an infected phone to the movie theater every time I go.
    • Last time I went to a movie, after putting my mobile in silent mode, I actually searched for other mobiles with Bluetooth, with the intent of sending "Set to silent/turn off" messages. Couldn't find any, felt let down...

  • anti-virus software people jumping for joy (Score:5, Insightful)

    by Nonillion ( 266505 ) on Tuesday June 15, 2004 @10:17AM (#9429381)
    I guess now the anti-virus software people now have themselves a new market to penetrate. I guess windows boxes were not enough to maintain their business model.
  • Damn just one more thing I have to purchase with my phone subscription. A monthly charge for cell phone virus definitions for my WAP NAV

  • Looking better and better (Score:3, Funny)

    by OhHellWithIt ( 756826 ) * on Tuesday June 15, 2004 @10:18AM (#9429389) Journal
    That old crank-operated phone on my parents' wall is looking better and better.
  • Unscrupulous types will drive around the suburbs with bluetooth transmitters on the top of honda civics and old hiaces, broadcasting viagra apps into our phones while we eat.

    E-marketers will place transmitters everywhere, including bins, bus seats and on signs in the middle of the desert so our phones never stop telling us about products that improve our lives.

    We will all begin to recieve mysterious bills for calls we made to a premium rate talking clock number while we were asleep.

    Our phones will broadcast our every move and spoken word to marketing agencies, who will happily charge us for a map of the route we took to work that morning, or for telling how good our
    eloqution is.

    Bluetooth porn spam will being blaring out of everyones mobile the minute that slightly dazed looking yuppie walks into the room with his brand new phone that he uses for browsing on the net and email and chat and buying stuff and everything!!!

    This situation(commencing next week) will continue without pause, until, faced with users mass binning their mobiles, symbian forcefully create their own virus to patch the phone on the fly as no-one , apart from geeks, will have bothered to delete the patch.

    You doubt me!?! You doubt my powers of foresight?!!

    So do I, but I'm sticking with my series 40 phone just in case.

  • Just One More Reason (Score:4, Interesting)

    by Paulrothrock ( 685079 ) on Tuesday June 15, 2004 @10:21AM (#9429422) Homepage Journal
    One more reason that cell phone manufacturers need to focus on the big three (battery life, signal strength, ease of use) instead of mindless feature-creep.

    Most people buy bluetooth phones and don't know what to use it for, just that it's another thing they have. (I have a Bluetooth phone, but only because my Powerbook also has bluetooth and can sync wirelessly. Otherwise I keep it turned off.)

    Most people really just want a phone that can hold contacts, get really great reception, and lasts a while between charges. (And, outside the US, send and recieve text messages easily.) Why not focus on these features? The same reason most car commercials are about performance and showing off instead of reliability and gas mileage; people are more convinced by flash than substance.

    Repeat after me: Something that has a lot of functions doesn't do any of those things as well as a dedicated piece of equipment. (PCs are a special case; software isn't.) Just like the only unitasker in your kitchen should be a fire extinguisher, the only multitasker in your geek lair should be your PC.

    • The same reason most car commercials are about performance and showing off instead of reliability and gas mileage; people are more convinced by flash than substance.

      Most people buy bluetooth phones and don't know what to use it for, just that it's another thing they have.

      One more reason that cell phone manufacturers need to focus on the big three (battery life, signal strength, ease of use) instead of mindless feature-creep.

      It sounds silly if you say them in the this order. I think you answer your ow

    • One more reason that cell phone manufacturers need to focus on the big three (battery life, signal strength, ease of use) instead of mindless feature-creep.

      As much as I wish that's what they would focus on, they will continue to focus on the holy grail of business: Profit.

      I used to sell cell phones, and signal strength didn't sell a single phone for me. As a salesman, I have absolutely no clue what phones recieve better than the others. Sales reps aren't trained on reception, if they are lucky, a
      • Uninformed customers are the reason the electronics industry as a whole has become the way it is, with products having a lot of pretty LEDs and flashy features instead of quality materials. People buy based on flash, and since companies make money from flashy products, that is what they will produce. This makes it hard for those of us who buy based on quality to find anything that meets our standards. Ultimately, the people end up getting what they want.
    • Just to clarify: I don't think that my post will change anything. I'm just pointing out a problem, and hopefully people will catch on and use market forces to do it.

      Phone companies have a right to seek profits, but when people are half-duped, half-convinced-of-necessity into buying a camera phone with Bluetooth when all they do is call their friends and then complain that it dies quickly, doesn't get good reception, and makes it hard to edit phonebook entries, they need to rethink their buying strategy. An

  • In the symantec article [symantec.com] (I could access it) it is suggested : "Turn off and remove unneeded services." I can't help laugh. Buy a blue-tooth enabled mobile phone, and turn off blue tooth stuff as soon as you have it out of the box... Or pay to have something removing the stuff you paid to get.

    Hum... may I suggest not ot get such a mobile phone ?
    By the way, turning off what I don't need, is something I do with my car, my house, my computer... That is why I have no viruses, no slow down, no whatever I do

  • Do you hear that, Mr. Anderson? (Score:5, Funny)

    by pjkundert ( 597719 ) on Tuesday June 15, 2004 @10:26AM (#9429471) Homepage
    That is the sound of inevitability...

  • WARNING!!! (Score:3, Interesting)

    by Fuzzums ( 250400 ) on Tuesday June 15, 2004 @10:27AM (#9429484) Homepage
    Do not answer calls from people you don't know. :D

  • That's it... (Score:3, Funny)

    by slashzero ( 524681 ) on Tuesday June 15, 2004 @10:37AM (#9429588)
    Remind me when cybernetic implants come out, to not get one. The last thing I need is a worm infecting my cybernetic arm.

  • what does it prove? (Score:5, Informative)

    by randomized ( 132106 ) on Tuesday June 15, 2004 @10:43AM (#9429657)
    Really, this does not prove anything. It doesn't exploit any weakness in the system and very easy to avoid.

    I am not sure how many of people who have posted before actually OWN series 60 device, but let me assure you that it's not as simple as accepting somebody's bluetooth transfer.

    First of all, you must have bluetooth always on and your device available to all, which is really bad idea considering that it eats your battery much faster. Battery life of the series 60 devices is pretty small as is. Having bluetooth on is sure way to kill it further.

    Second, you will have to go through few steps of actually INSTALLING unsigned application. This is VERY intrusive.

    Third, this thing does not auto startup. So, when your device is drained off battery, it won't run by itself as far as I can see.

    All in all, very poor attempt to create a malware for Series 60. I am sure you can get much higher propagation by installing an autoexec worm inside of S60 warez releases.

    Other avenue to look into is malformed MMS message that does buffer overrun and allows to execute arbitrary code. Now this would be a real baddy because you will be infected as soon as you open a message.

    Nice try, but no cake.

    • Good points, but...

      Third, this thing does not auto startup. So, when your device is drained off battery, it won't run by itself as far as I can see.

      From the report: "[...] then copy itself to a directory that is not visible by default. The worm runs from this directory whenever the phone is rebooted."

  • Engineering practice (Score:5, Insightful)

    by earthforce_1 ( 454968 ) <earthforce_1@y[ ]o.com ['aho' in gap]> on Tuesday June 15, 2004 @10:45AM (#9429682) Journal

    It has to be assumed that any system open to the general public, can be expected to come under hostile attack from hackers/spammers/criminals/terrorists. All hardware and software deployed in the field needs to be examined carefully for this. It is even more critical when you have a "monoculture" of HW/SW, since one exploit compromises the whole system.

    History has shown time and time again, hackers will expend a great deal of effort to compromise any accessible system even if just for the heck of it.

  • Blog Worm (Score:2, Informative)

    by darkain ( 749283 )
    we think we may have the very first blog worm this past weekend as well. after reports of a potential security exploit in LiveJournal [livejournal.com], a small team went to work to create a "proof of concept" self-replicating javascript code designed specifically to post itself in a viewers journal.

    More information can be found here [livejournal.com]

    a basic example of self-generating javascript code can be found here [darkain.com]

  • next generation worm (Score:3, Funny)

    by Errtu76 ( 776778 ) on Tuesday June 15, 2004 @10:56AM (#9429821) Journal
    Modern phones have infrared, right? So what if you combine the worm with this [userfriendly.org] idea? >:)

  • Proof of Concept? (Score:2, Interesting)

    by SoopahMan ( 706062 )
    From the Symantec site [symantec.com]:

    EPOC.Cabir is a proof-of-concept worm that replicates on Nokia Series 60 phones.

    Uh, talk about coding your way to job security?

  • hahahahaha! (Score:2, Funny)

    by Anonymous Coward
    My cell is so old, it still has a monochromatic lcd screen.

    Keep on adding gadgets, whistles, and bells onto your pda/cellphone/sattelite phone/pager/mp3 player/tooth brush/microwave oven. I'll be over here with my "archaic" cell phone, bulletproof and grinning.

    "Aye sir, the more they overtake the plumbing, the easier it is to stop up the drain."
    -- Scotty, Star Trek III

  • Well so much for my success! (Score:4, Funny)

    by AviLazar ( 741826 ) on Tuesday June 15, 2004 @11:06AM (#9429952) Journal
    Dammit, and I was just starting to get the hang of Toothing [cnn.com]

  • Dialer (Score:3, Interesting)

    by Lord_Dweomer ( 648696 ) on Tuesday June 15, 2004 @11:14AM (#9430037) Homepage
    This brings up an interesting question. Lets say it had been a dialer. Lets say it racks up a large amount of charges on your bill while draining your minutes. Would the cell phone companies refund your money/minutes? Would you have to do it through the credit card company by doing a chargeback?

    What legal recourse would there be?

  • mimicking real life (Score:2, Interesting)

    by hexstatik ( 320446 )
    i find this virus very interesting in that there is a need for physical proximity in order for the virus to propagate, similar to real-world viruses. in the future, will these type of virus infections be limited to certain geographical areas depending on the initial "ignition" point, or will the infection vectors be more like real-life virus outbreaks? (imaging starting an infection a new york subway versus smalltown, usa)

  • Not only Nokia series 60 are affected... (Score:5, Informative)

    by capmilk ( 604826 ) on Tuesday June 15, 2004 @11:34AM (#9430290)
    ...but also other Symbain OS phones like Sony Ericsson P800/P900 and Motorola a920/a925.

  • Telephone Virus? (Score:3, Funny)

    by 0zymandias ( 442727 ) on Tuesday June 15, 2004 @12:22PM (#9430971) Homepage
    Perhaps we should not have sent away all the telephone sanitizers.

  • Big potential for disaster. (Score:4, Interesting)

    by gnarled ( 411192 ) on Tuesday June 15, 2004 @03:55PM (#9433843) Homepage
    What happens when the newest worm automatically dials 911. The system would be absolutely swamped, cops would be running around because when someone dials 911 and hangs up they still have to call, many people that actually had an emergency would never get through. It would be a serious disaster.

  • network attacks (Score:3, Interesting)

    by neoThoth ( 125081 ) on Tuesday June 15, 2004 @04:38PM (#9434381) Homepage
    could come from cell phones now. Or worse, your phone may start innocently distributing spam! Most of the blue tooth enabled phones have data services. I think a funnier worm would randomly dial people in your phonebook effectively letting friends and loved ones hear you bad mouth them.

Slashdot Top Deals

For God's sake, stop researching for a while and begin to think!

Close