According to Symantec, we've got it: the first worm designed for mobile devices, this time for Nokia Series 60 phones. According to Symantec's Security Response, the worm copies itself to other Bluetooth devices in range:
EPOC.Cabir is a proof-of-concept worm that replicates on Nokia Series 60 phones. It repeatedly sends itself to the first Bluetooth-enabled device that it can find, regardless of the type of device (i.e. even a Bluetooth-enabled printer will be attacked if it is within range).
The worm spreads as a .SIS file, which is automatically installed into the "APPS" directory when the receiver accepts the transmission. Upon execution, it will display a message then copy itself to a directory that is not visible by default. The worm runs from this directory whenever the phone is rebooted, so it continues to work even if the files are deleted from the APPS directory.
Once the worm is running, it will constantly search for Bluetooth-enabled devices, and send itself to the first device that it finds. There is no payload, apart from the vastly shortened battery life caused by the constant scanning for Bluetooth-enabled devices.
So far the worm hasn't been seen in reality, but anyway, the "proof-of-concept" definition might be a good hint of what we can expect in the future. So far, I haven't heard about a similar worm for Windows Mobile Smartphones or Pocket PCs, but I'm sure it's just a question of time. :-(
Cheers ~ Arne