Monday, June 21, 2004

New Cabir Virus Hits Cellphones - First To Do So!

Madrid, June 18, 2004 - This week's report will focus on Cabir, the first
worm capable of spreading through mobile phones, two Trojans -StartPage.FH
and Downloader.HC- and a joke called Argen.

Cabir starts a new era in IT security, as it is the first worm capable of
spreading through mobile phones. It affects devices running under the
Symbian operating system used in many phones manufactured by companies like
Nokia, Siemens and Sony Ericsson.

Cabir spreads in a file called Caribe.sis, which is automatically installed
on the system when the user accepts the transfer. When it is launched, it
displays the following message on screen: Caribe. Then it starts a constant
search for other phones that are also connected using Bluetooth technology.
This process significantly reduces the phone's battery operating time.

The two Trojans in today's report are StartPage.FH and Downloader.HC. In
order to reach the affected computer, they need the attacker's intervention.
They can spread through many different means of transmission (floppy disks,
CD-ROMs, e-mail messages with attached files, Internet downloads, FTP, IRC
channels, peer-to-peer (P2P) file sharing networks, etc.).

StartPage.FH changes the home page of Internet Explorer. It also shows false
messages on screen warning the user that the computer is infected by
different spyware and adware programs. It does this to trick the user into
accessing certain web pages. When these pages are accessed, messages are
displayed on screen asking for permission to install other malware or
programs like eAcceleration and eAnthology. As long as the computer is
affected by StartPage.FH, the original home page cannot be restored.

Downloader.HC downloads the adware detected by Panda Software as Lop on the
affected computer, which adds a tool bar to Internet Explorer. Downloader.HC
also modifies the home page and several search options of Internet Explorer
and adds several links to the Favorites folder. Occasionally, when the user
closes the browser window, it displays advertisements.

We are going to finish this week's report with Argen, a joke that displays
several windows on screen as it opens the CD-ROM drive. When the user clicks
on the 'OK' button, the CD-ROM drive closes. Once Argen is run, the user
will not be able to use the computer until its actions have finished.

For further information about these and other computer threats, visit Panda
Software's Virus Encyclopedia at:
http://www.pandasoftware.com/virus_info/encyclopedia/

Additional information

- Joke: a program that displays false messages on screen warning the user
that destructive actions will be carried out on the computer, pretend to
carry out these actions or modify the settings of the screen, mouse, etc.

- Spyware: program that is automatically installed with another, (usually
without the user's permission and even without the user realizing), which
collects personal data (data on Internet access, action carried out while
browsing, pages visited, programs installed on the computer, etc.).

More definitions of virus and antivirus terminology at:
http://www.pandasoftware.com/virus_info/glossary/default.aspx