Cabir sighting in US
Cabir isn’t a big deal because it only spreads from Bluetooth-enabled phone to BT-enabled phone and carries no payload other than the worm itself. The only damage it does is to run down the battery of any infected handset as it repeatedly polls for other BT devices to infect.
Nonetheless, it does prove the potential of a worm with a more dangerous payload to do real damage, especially as larger numbers of handsets have BT support and users leave it on by default. The usual advice applies:
- Only turn on BT when you need to use it
- Set BT visibility to “hidden” so it can’t be scanned
- Don’t pair devices if you can avoid it
- If you must pair, set pairing to “Unauthorized” so you’ll be prompted for interaction
- Never accept applications from unknown sources
For more information, refer to the Symantec Security Response Cabir page.