10 interesting facts about Cabir, a decade-old smartphone virus

Exactly ten years ago we discovered the first real virus written for the smartphones of that time (Nokia N-Gage, anyone?). It was named Cabir, and it opened a whole new world to malware analysts, virus writers and ordinary users. Here are some amusing facts about this decade-old malware.

  1. The malware was named Cabir because it sounds similar to the “Caribe” string found inside the virus body and in honor of Kaspersky Lab employee Elena Kabirova, who coincidentally entered the antimalware lab during the name-related discussion.
  2. Cabir spread among the most popular smartphones of 2004: Symbian-based Nokia devices.
  3. The only infection channel was Bluetooth. It was very easy to get infected during a commute, at a restaurant, a concert or a sporting event. One of the biggest Cabir infections was detected during the Athletics World Cup held in Helsinki.
  4. To protect a smartphone from Cabir, one had to turn Bluetooth off or simply switch it to the “invisible” mode.
  5. Kaspersky Lab analysts were purposely searching for two Nokia smartphones to research the malware in the wild; this kind of device was considered expensive back in 2004. Since then, Kaspersky Lab has systematically bought every popular mobile device model to research malware for the respective platform.
  6. There was a special “RF-proof room” in the old Kaspersky Lab office whose walls were impenetrable to Bluetooth and other radio waves. Researchers experimented in this room without any risk of infecting other employees’ or visitors’ smartphones.
  7. A few months before Cabir, Alex Gostev, Kaspersky Lab chief malware researcher, was asked by a journalist why there were no smartphone viruses. Gostev responded that in one year’s time there would be some. It turned out he was right.
  8. Technically speaking, Cabir is not the first mobile virus. There were some viruses for PDAs, e.g. Phage for Palm OS (circa 2000). However, Cabir is the first strictly smartphone-oriented virus.
  9. Cabir was written by 29A, a hacker group famous for creating many complicated, innovative viruses. Fragments of Cabir code were published by 29A members, which eventually led to the creation of multiple spinoffs by other virus writers.
  10. The man who sent a Cabir sample to Kaspersky Lab actually sent it to five or six leading antivirus companies. Kaspersky Lab was the only one able to quickly figure out the nature of this code and promptly add its detection to the antivirus databases. Roman Kuzmenko, who solved this tricky puzzle during his night shift (AV labs work 24/7, remember?), was awarded a brand new Symbian-based Nokia smartphone :)

Further reading: Eugene’s blog.

 
