Beware of Cabir Virus, if you are using Mobile phone 

Another version of the "Skulls" Trojan horse, which carries Cabir worm into bluetooth cell phones has been found recently. Cabir worm attacks on the bluetooth mobile phones,that use Symbian operating system with support Series 60 platform.

A cell phone after getting infected with Cabir worm, it displays the word "Caribe" on a screen as the worm modifies the Symbian operating system and spreads over other blurtooth cell phones to target.

Generally Cabir replicates over bluetooth connections and settles in phone messaging inbox as caribe.sis file what contains the Cabir worm. Once a user clicks the caribe.sis and chooses to install the Caribe.sis file the worm activates and targets the new devices to infect over bluetooth network.

A cell phone will start sending infected SIS files to another bluetooth device once it gets infected with Cabir,and locks that cell phone. Cabir worm can able to infect only those cell phones that support bluetooth technology and are in discoverable mode.So the best remedy to protect your cell phone from Cabir worm is to select hidden Bluetooth mode.

Once the phone gets infected with Cabir,it will try to infect other applications even as user tries to disable bluetooth from system settings.

Unfortunately when the user clicks on the caribe.sis in phone messaging inbox the phone will display a warning dialog with normal installation question. If the user clicks yes the Cabir worm will activate.

Disinfection using anti-virus program 

Many mobile anti-virus programs available online to disinfect this worm. Run the best suited anti-virus program and simply follow the instructions to kill the worm.

You can also disinfect the system manually by installing a file manager application to delete these files:

c:systemappscaribecaribe.rsc

c:systemappscaribecaribe.app

c:systemappscaribelo.mdl

c:system ecogslo.mdl

c:systemsymbiansecuredatacaribesecuritymanagercaribe.app

c:systemsymbiansecuredatacaribesecuritymanagercaribe.rsc

How does it replicate?

Over bluetooth it replicates in caribe.sis file that contains the worm main executable caribe.app, system recognizer flo.mdl and resource file caribe.rsc. The SIS file contains autostart settings that will automatically execute caribe.app after the SIS file is being installed.

The caribe.sis file doesn't automatically target to the device, it is possible only, if the user clicks yes to the question, while the infected device is still in range.

Once the Cabir worm gets activated it will start looking for other bluetooth devices, and starts sending infected caribe.sis files to the device that comes in the way or communicated. The replication locks a first device it finds and it won't look for other devices.

Cabir worm is able to send infected files to single device per activation. So this worm will try to infect one other device when it is activated the first time, and again only if the phone is rebooted. It means that it spreads slowly. Cabir worm can spread widely only, if the cell phone that sends the infected file is out of range before user activates the Cabir worm in a new cell phone.

How does it infect?

Once the cell phone gets infected with Cabir worm, it installs the caribe.sis file and the installer will copy the worm executables into following locations:

c:systemappscaribecaribe.rsc
c:systemappscaribecaribe.app
c:systemappscaribelo.mdl

After caribe.app is executed it copies the following files:

flo.mdl to c:system ecogs
caribe.app to c:systemsymbiansecuredatacaribesecuritymanager
caribe.rsc to c:systemsymbiansecuredatacaribesecuritymanager

It is only possible if the user installs the application to memory card where the worm will copy the caribe.sis file from worm component files that will cause the blockage of the data files in caribe.app. After copying caribe.sis file the worm sends the SIS file to all visible bluetooth cell phones that comes in it's way.

It is recommended to select hidden Bluetooth mode to protect your cell phone from Cabir worm.

Subscribe to "COMPTECH" ezine to get the latest news and updates on Computer Hardware, Software, Tips & Tutorials.

Enter your E-mail Address Enter your First Name (optional) Then Don't worry -- your e-mail address is totally secure. I promise to use it only to send you Mindpc.