<<<
Wednesday, September 14, 2005
>>>
 
Some thoughts about Bluetooth and Cabir spreading Posted by Jarno @ 10:49 GMT

Cabir_infecting (13k image)
Lately there has been discussion in some medias, that point out that the mobile worms that we have seen are nothing but hype and no one in their right mind would get infected with something as simple as Cabir or Commwarrior.

As all currently known Symbian trojans and worms display several warnings, it would be easy to blame any user who got phone infected being stupid or ignorant. However when starting to investigate why people get infected by Cabir and other Bluetooth worms, it turns out that the explanation is not as simple as one would think.

Firstly there are several Symbian software that require Bluetooth to be visible in order to work properly. And some of them either switch on the Bluetooth without asking from the user, or display activation question in such manner that user is likely to answer yes.

Then there are several social networking applications that use Bluetooth such as YOU-WHO and CrowdSurfer. Which enable people to use Bluetooth for social networking and gaming, thus lowering the bar for accepting any connections and files from unknown persons.
And there even is an art project, that is based on searching Bluetooth devices that are visible and contacting people.

And finally most Cabir variants are quite aggressive in spreading, and keep sending the Bluetooth connection requests, even when user clicks no to them. Thus potentially causing the user to get frustrated to these requests and start clicking yes to all questions.

To demonstrate this effect, we have shot videos of Cabir bombarding another phone, and commwarrior trying to hit all the phones it sees at the same moment.

A video of Cabir infecting another phone (WMV 17.2MB file)

A video of Commwarrior trying to connect several phones at the same time (1654k file)

On the other news, we added description for SymbOS/Doomboot.D a very close variant to Doomboot.C. Doomboot.D is otherwise minor case, except that it contains real pictures of Angelina Jolie, so it might spread among people who download illegal content.

Also we have updated the list of Commwarrior sightings.

1. Ireland
2. India
3. Oman
4. Italy
5. Philippines
6. Finland
7. Greece
8. South Africa
9. Malaysia
10.Austria
11.Brunei
12.Germany
13.USA
14.Canada
15.UK
16.Romania
17.Poland
18.Russia






<<< We're entering hardware business!
|
17-year old confesses Paris Hilton phone hack >>>