Security threats Toolkit

Australian Cabir infestation reported

Tags:
Bluetooth,
Sydney,
Viruses,
Mobile

Kristyn Maslog-Levis ZDNet Australia

Published: 28 Feb 2005 09:30 GMT

Is Cabir rife in Sydney's taxis?

A Sydney-based business partner of the mobile anti-virus company SimWorks said his Nokia 6600 had contracted the smartphone virus from a taxi driver's smartphone in North Sydney. SimWorks claimed this was the "first documented Cabir infection in Australia".

Chris Wooldridge, the chief executive officer of mobile service delivery platform provider Bullant Software, said he continuously received a message saying "accept connection from Abdul" on his Nokia 6600 Tuesday afternoon last week after getting into the taxi.

He then asked the taxi driver if his name was Abdul and inquired why he was sending him a message. The taxi driver said he had experienced the problem for quite some time on his Nokia 6630 but he did not know how to fix it.

Wooldridge said that other taxi drivers were also suffering from the impact of the same virus with their Bluetooth-capable phones. He said since taxi drivers used Bluetooth headsets while driving, they were very susceptible to the virus.

Although Wooldridge kept refusing the incessant messages, the Cabir worm still infected his handset.

"Somehow, I'm not sure whether I pressed yes or no but it ended up in my handset. When I rebooted my phone, the anti-virus software said I have a virus and asked me whether I want to delete it from my inbox," Wooldrige said.

The virus was easily neutralised by the mobile antivirus product on Wooldridge's phone. The taxi driver complained that the worm has been an inconvenience since it drained the phone's battery very quickly.

Wooldridge said while the taxi driver knew about the virus, he was unaware that it was infecting people with Bluetooth-capable phones nearby.

The Cabir worm was discovered in June 2004 but was quickly dismissed as a relatively "harmless, proof-of-concept program".

It spreads itself to new devices by incessantly sending itself using the Bluetooth wireless short-range protocol, depleting a phone's battery life very fast. Infection can, however, be prevented by turning off a phone's "discoverable" mode.

"I think a naïve user have a good chance of pressing okay [when a message is sent through]. A user who doesn't know where it comes from can press 'yes' by default," Wooldridge said.

SimWorks chief executive officer, Aaron Davidson, believes that although this is the first documented case in Australia, it is not the first case of Cabir worm infection in the country.

Late last year, SimWorks received unconfirmed reports of a much earlier version of the Cabir worm floating around train stations in Sydney.

"Although we investigated it, we never managed to confirm if it was true. I expect there would be other unconfirmed instances around where people really don’t know what it is about and how to get rid of it," he said.

"People are fairly naïve when it comes to mobile phone viruses. A lot of people aren't really aware that there is a problem at this point. The surprising thing however is that the taxi driver knows he has the infection, but didn’t know how to get rid of it. It's probably more common than we know," Davidson said.

Kristyn Maslog-Levis reported from Sydney for ZDNet Australia. For more ZDNet Australia stories, click here.