First mobile virus for Series 60 phones

I've read about this "VIRUS" but I wouldn't be that alarmed.The virus is INNOCUOUS!! The only thing it does is spread itself among other BT devices trough a DEFAULT INSTALLATION PROCESS.To get rid of it you just have to go to the FileManager and delete 3 files... bah! That's just a trick or something like that to begin the everlasting debate on SECURITY.

All I say is:
YOUR PHONE IS SECURE! DON'T WORRY

How many times more do we have to see this BS?

Cabir is not a virus. Virus is something that spreads unattended, uncontrolled.

Cabir requires:
- approving connection from unknown device
- approving receiving a file from unknown device
- approving installation of unknown application received from unknown device.
THREE warnings and required confirmations.

It's like if I sent you FORMAT.EXE (renamed to Cabir.exe) and asked you to run it and then to answer "YES" to the "Do you really want to format your C: drive" message changed to "Do you like me?". Would you run it and answer YES?

Cabir is NOT a virus. It is people who confirm three warnings about unknown, possibly insecure file - approve connection, allow receipment, install it - who are mentally infected. It doesn't take Cabir to damage such people's phone or computer. Format.exe is just enough. Would you call Format.exe a virus?

Somebody made this thing and we'll soon see 20 antivirus applications for Series 60 (one of them is already available). Totally useless simply because there are no virii for Symbian OS. But people will be wasting their money in fear of the extremely dangerous Cabir virus. Articles like yours only scare people even more, without any reasons.

People, better buy yourself a good game and relax. You really don't need any anti-virus software. Just remember NOT to accept files from unknown people or - if you happen to get it (e.g. from somebody authorized to send you files without confirmation) just don't install it and that's all. It CAN'T install automatically. No big deal.

It's not a big deal and it won't have any negative affects, aside from battery drainage(since it's constantly attempting to send itself over bluetooth). But hey, our job is to report the news, and our source categorized it as a virus. We're just passing that news onto you. Is this virus severe? No. Will it ruin your phone? Of course not. But it's the beginning of the attempts to try to create viruses that will ruin your phone, so it's important to report on it.

You're correct that it cannot install automatically, and that's something we touched apon with the "If you're downloading what you believe is a Series 60 version of Tetris and you see the file is Caribe.sis or another suspicious name, don't install it." sentence. It needs confirmation to install.

Cabir_disaster wrote:Cabir is NOT a virus. It is people who confirm three warnings about unknown, possibly insecure file - approve connection, allow receipment, install it - who are mentally infected.

Couldn't agree more.

Jon M wrote:We're just passing that news onto you.

Jon M wrote:our source categorized it as a virus

Jon M wrote:But it's the beginning of the attempts to try to create viruses that will ruin your phone

BTW. There is one good thing about Cabir: maybe it'll make people think twice before downloading warez from suspicious websites. As such, I consider it a good anti-piracy tool for Symbian OS.

BTW2. I can only think of two reasons behind Cabir creators: either some antivirus companies want to enter new market and make money on people who don't really need their software or Microsoft wants to show how insecure Symbian OS is compared to their great MS Smartphone devices.

I think Jon M must have been a little confused (drunk? 😃) when he wrote that post...

Ewan posted an article about this a week ago (http://www.allaboutsymbian.com/forum//forum/thread/24704/#post174712#post174712), which I think better reflects the views of the team behind AAS.

Btw, 'Cabir_disaster', I'm pretty sure I know who you are 😉

Cheers

Raven wrote:I think Jon M must have been a little confused (drunk? 😃) when he wrote that post...

Ewan posted an article about this a week ago (http://www.allaboutsymbian.com/forum//forum/thread/24704/#post174712#post174712), which I think better reflects the views of the team behind AAS.

Btw, 'Cabir_disaster', I'm pretty sure I know who you are 😉

Cheers

Lmfao sorry I don't know what the hell I was thinking when I did that last night. I've had that news post saved for over 2 weeks, but that was when I first started here so I wasn't sure how to make news posts. I wasn't all there when I came home last night(lol), and I don't know what I did. Sorry about that, it won't happen again.

Heh no problem. I actually thought it was a good post, afterall its much better having a spectrum of opinion.

You should have seem some of the news posts I've deleted altogether late at night. I remember one about how Symbian phones made you more sexy (yes I do know who posted it and no it wasn't me)...

Indeed - Rafe is already a bit of a looker so the Hufflepuff girls tell me.

😉

Jon M wrote:Your N-Gage isn't safe anymore, and neither are any nother Series 60 phones you own. Why is this? A mobile worm. Symb/Cabir-A is a worm written specifically for Nokia Series 60 mobile phones running the Symbian operating system. The worm spreads as a .sis package, named as Caribe.sis. Inside the file are three other files, caribe.app, flo.mdl and caribe.rsc.

Those files are installed onto the System/Apps/Directory on the phone itself. The worm runs everytime the device is turned on or restarted, and worse, once Symb/Cabir-A is installed, it'll attempt to send itself to other Series 60 phones whenever your Bluetooth is activated. There are some measures that can be taken to avoid the worm, though, and even if you get it, it can be deleted. Our advice is to turn your bluetooth off whenever it's not needed, and don't turn it on in crowded areas for long periods of time. Also, know what you're installing on your phone. If you're downloading what you believe is a Series 60 version of Tetris and you see the file is Caribe.sis or another suspicious name, don't install it. Be alert and be smart on what you install onto your N-Gage, 3650, or other Series 60 device. Please note, while this specific worm at it's present stage does not cause any known damage to Series 60 phones, it's important to note that upcoming worms/viruses just might. Symb/Cabir will not install onto Pocket PCs, Palms or any other devices aside from Nokia Series 60 phones.

hey,,im from the philippines,,im in big trouble!!,,i received this darn file last night,,being the curious girl i was,,i installed it,,my big problem now is i cant use my bluetooth properly. when i try to send data, i find out that the bluetooth connection is being used by that worm. i need help,,i deleted the files already but it still appears everytime i open my telephone. any virus "cleaners" i have to download? i handle a 3660 phone (the updated model of the 3650 with the more fixed keypad )...thanks,,ill be looking forward to your replies,,

problematicKID wrote:hey,,im from the philippines,,im in big trouble!!,,i received this darn file last night,,being the curious girl i was,,i installed it,,my big problem now is i cant use my bluetooth properly. when i try to send data, i find out that the bluetooth connection is being used by that worm. i need help,,i deleted the files already but it still appears everytime i open my telephone. any virus "cleaners" i have to download? i handle a 3660 phone (the updated model of the 3650 with the more fixed keypad )...thanks,,ill be looking forward to your replies,,

install Fexplorer from www.gosymbian.com (its free), the after installing Fexplorer browse the caribe files then delete the files. email me at [email][email protected][/email]

Cabir is the first network worm capable of spreading via Bluetooth; it infects mobile phones which run Symbian OS.

A wide range of phones from a number of manufacturers use this technology. It is clear that Nokia 3650, 7650 and N-Gage phones can all be infected by Cabir. However, any handset running Symbian OS is potentially vulnerable to infection.

There are currently two versions of this worm. They are identical, except that one version, when displaying a Window Alert text, will include the text line VZ/29a.

The worm itself is an SIS format file, called caribe.sis, of 15092 bytes in size (the second version is 15104 bytes in size)

This file contains three objects:

caribe.app: 11932 bytes/ 11944 bytes in size
flo.mdl: 2544 bytes in size
caribe.rsc: 44 bytes in size

When launched, the worm displays a message on the screen: either 'Caribe' or 'Caribe - VZ/29a'.

It then installs itself to the following directories:

�:\system\apps\caribe\caribe.app
�:\system\apps\caribe\flo.mdl
�:\system\apps\caribe\caribe.rsc

C:\SYSTEM\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\CARIBE.SIS
C:\SYSTEM\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\CARIBE.APP
C:\SYSTEM\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\CARIBE.RSC
C:\SYSTEM\RECOGS\FLO.MDL
The directory SYMBIANSECUREDATA which the worm creates is hidden and cannot be seen by the user of the infected telephone.

Even if the worm file is deleted from the APPS directory, the worm will continue to be active in the system.

You need to delete the file inside SYMBIANSECUREDATA... Use Fexplorer as it can view hidden files... www.gosymbian.com and download Fexplorer.

wins wrote:install Fexplorer from www.gosymbian.com (its free), the after installing Fexplorer browse the caribe files then delete the files. email me at [email][email protected][/email]

It would be interesting to have a copy of this program. Anyone knows where I can get it?

hey thanks a ton mate, I now know how to remove that WORM frm my 6600! The Nokia Dealers over here charge a Princely sum for removing it! U saved me a lot! 😊

i just remove the caribe but it still appeaR any file can help mi remove the virus...?

Cabir_disaster wrote:How many times more do we have to see this BS?

Cabir is not a virus. Virus is something that spreads unattended, uncontrolled.

Cabir requires:
- approving connection from unknown device
- approving receiving a file from unknown device
- approving installation of unknown application received from unknown device.
THREE warnings and required confirmations.

I must say i agree in some ways BUT you are wrong in many other ways...

A large amount of virus worldwide now days ask for installion on the OS, Now how is this not a virus?... I still bugs out the OS by affecting the battery and overloading the system with un-needed processes and causes the mobile to die out within a few minutes...

Now to say its not a virus because of the 3 warnings is STUPID... Internet worm virus need 2 of those warnings and also WinXP which comes with a worm virus needs all 3...

1. Would you like to install WinXP
2. Internet connection found
3. Sending all data about you and your life...

So really, why isn't this a virus if it jumps from each phone UNCONTROLED AND UNATTENDED??... really all virus also do this trick to affect more systems...

So really look up some research next time as 60% - 80% of all viruses since the age of the internet have required these 3 warnings to affect a system...

hey I just got infected by a virus called CommWarrior, is there a way to remove it?