New virus - Mabir.A

It seems that Mabir.A is based on Cabir source code. Mabir.A spreads over Bluetooth using the same routine as early variants of Cabir: when Mabir.A activates, it searches for the first Bluetooth phone it finds and starts sending copies of itself to that phone. If the phone Mabir finds goes out of range, Mabir.A still seems to stay locked on to it.

The MMS spreading function of Mabir.A uses a new social engineering technique. Instead of just reading all phone numbers from the local address book, Mabir.A listens for any SMS or MMS messages that arrive at the phone. When a message arrives, Mabir sends itself as an MMS message to the sending phone number, thus posing as a reply to whatever message was sent to the infected phone.

F-Secure Mobile Anti-Virus now has exact detection for Mabir.A, and was able to detect it with generic detection even before we got the sample.

Now that there are three mobile viruses which try to spread over MMS messages, we've been getting questions on how global MMS functionality really is. Well, it seems to be pretty global and pretty compatible. I'm right now travelling in the USA and have been successfully sending MMS messages from my European phone to local phones and back home. Last month we successfully received MMS messages from Australia.

And that's the scary part of MMS viruses. Think about it: how many numbers do you have stored in your mobile phone? Dozens? Hundreds? In how many countries are they? If you would get infected and would send a malicious MMS to all those numbers, how many of the recipients would trust the message coming from you and open it? To how many countries would you spread the virus?

The latest MMS virus, Mabir, is written by the same virus writer who wrote the Cabir Bluetooth worm. In a magazine interview he gave two weeks ago, he was quoted as saying that he hopes to write another cellphone virus as soon as he finds the time. Seems that he did.

Mabir has not been found in the wild. Let's hope it never makes it there.

The news is a bit old, about a month, but better late than never.
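The reply-style MMS spreading described above leaves a recognisable pattern in message metadata: an inbound SMS or MMS followed almost immediately by an outbound MMS to the same number, repeated across several different senders. The following detection sketch is an added example, not code from the original post or from F-Secure; the log record layout, the `installable` flag, the time window and the peer threshold are all assumptions, and the sample records are constructed.

```python
from collections import defaultdict

REPLY_WINDOW = 60   # seconds between inbound message and outbound MMS (assumed tuning value)
MIN_PEERS = 3       # distinct numbers auto-replied to before a subscriber is flagged (assumed)

# Constructed sample records, not real traffic:
# (time_s, subscriber, direction, peer, kind, installable)
# "installable" marks an MMS carrying an application package (hypothetical field).
SAMPLE_LOG = [
    (100, "A", "in",  "P1", "sms", False),
    (104, "A", "out", "P1", "mms", True),    # reply-like, 4 s after inbound
    (200, "A", "in",  "P2", "mms", False),
    (203, "A", "out", "P2", "mms", True),    # reply-like
    (300, "A", "in",  "P3", "sms", False),
    (309, "A", "out", "P3", "mms", True),    # reply-like
    (400, "A", "in",  "P7", "sms", False),
    (900, "A", "out", "P7", "mms", True),    # too late to look like an automatic reply
    (120, "B", "in",  "P4", "sms", False),
    (125, "B", "out", "P4", "mms", False),   # ordinary photo reply, no application attached
    (130, "B", "out", "P5", "mms", True),    # no preceding inbound from P5
    (150, "C", "in",  "P6", "sms", False),
    (160, "C", "out", "P6", "mms", True),    # reply-like, but only one peer
]

def flag_auto_reply_senders(log, window=REPLY_WINDOW, min_peers=MIN_PEERS):
    """Return {subscriber: [peers]} for subscribers that answered inbound
    messages from at least min_peers numbers with an application-bearing MMS."""
    last_inbound = {}                  # (subscriber, peer) -> time of latest inbound message
    replied_peers = defaultdict(set)   # subscriber -> peers that received a reply-like MMS
    for t, sub, direction, peer, kind, installable in sorted(log, key=lambda r: r[0]):
        if direction == "in":
            last_inbound[(sub, peer)] = t
        elif kind == "mms" and installable:
            # Consume the inbound so one received message explains at most one reply.
            seen = last_inbound.pop((sub, peer), None)
            if seen is not None and t - seen <= window:
                replied_peers[sub].add(peer)
    return {s: sorted(p) for s, p in replied_peers.items() if len(p) >= min_peers}

if __name__ == "__main__":
    print(flag_auto_reply_senders(SAMPLE_LOG))
```

Lowering `min_peers` catches an infection earlier at the cost of flagging people who legitimately send an application back to a single contact.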

