Smart phone worm gets smarter

A security firm has warned that the Cabir mobile phone virus is becoming more of a threat as more variants emerge.

Earlier versions of Cabir, which spreads through phones running the Symbian operating system and Bluetooth wireless technology, won attention this summer for being the first worms to spread via smart phones. But they were quickly determined to be relatively harmless, proof-of-concept programs.

As it issued alerts for Cabir.H, Cabir.I, and Cabir.J, security firm F-Secure warned that the latest versions of Cabir are evolving beyond its comparatively benign predecessors.

F-Secure warned in a release on Tuesday: "These new Cabir variants fix a flaw that was slowing down original Cabir's spreading speed. Cabir originally would only spread to one new phone per reboot [while] Cabir.H and Cabir.I can spread to an unlimited number of phones per reboot."

The sheer quantity of variants being detected now and their closeness to the original indicate that Cabir's secret sauce is no longer much of a secret, F-Secure warned.

"These new variants seem to be recompiled versions based on original Cabir source code," F-Secure said. "Which means that the Cabir source code is floating around in the underground. Which is bad news. We didn't know the sources were out there, and we've never seen them."

F-Secure said the latest variants had not been detected in the wild, and that Symbian users can protect themselves by turning off the phone's "discoverable" mode. The malicious software affects only Symbian OS-based phones running Nokia's Series 60 user interface, according to Symbian.

Paul Festa writes for CNET News.com.