Cabir is the name of a computer worm developed in 2004 that is designed to infect mobile phones running Symbian OS. It is believed to be the first computer worm that can infect mobile phones. When a phone is infected with Cabir, the message "Caribe" is displayed on the phone's display, and is displayed every time the phone is turned on. The worm then attempts to spread to other phones in the area using wireless Bluetooth signals.
The worm was not sent out into the wild, but sent directly to anti-virus firms, who believe Cabir in its current state is harmless. However, it does prove that mobile phones are also at risk from virus writers. Experts also believe that the worm was developed by a group who call themselves 29A, a group of international hackers, as a "proof of concept" worm in order to catch world attention. It failed to infect any of its targets.
The worm can attack and replicate on Bluetooth enabled Series 60 phones. The worm tries to send itself to all Bluetooth enabled devices that support the "Object Push Profile", which can also be non-Symbian phones, desktop computers or even printers. Symantec reports that the worm spreads as a .SIS file installed in the Apps directory. Unlike actual PC worms, Cabir does not spread if the user does not accept the file-transfer or does not agree with the installation. F-Secure reports that some phones, at least, warn the user about an unverified supplier. So, like many other worms, this sample also needs a good portion of social engineering to reach its goal.
While the worm is considered harmless because it replicates but does not perform any other activity, it will result in shortened battery life on portable devices due to constant scanning for other Bluetooth enabled devices.
Mabir, a variant of Cabir, is capable of spreading not only via Bluetooth but also via MMS. By sending out copies of itself as a .sis file over cellular networks, it can affect even users who are outside the 10m range of Bluetooth.