A Look Back at How Kaspersky Lab Discovered the Very First Mobile Malware
Submitted by alison.rossetti on Wed, 06/18/2014 - 09:08
By: Kaspersky Américas on 18/06/2014
Ten years ago, Kaspersky Lab reported the discovery of Cabir – the first ever worm
designed to attack mobile phones. Unlike most modern malware samples, Cabir
wasn’t equipped with a wide range of malicious functions. Instead, it made
history by proving that it was possible to infect mobile phones.
The worm was first discovered when Kaspersky Lab virus analyst, Roman Kuzmenko,
received a suspicious email with no text in the email body and only an
attachment. After some analysis, the analyst found that it was written to
execute on the Symbian OS – a mobile operating system which powered Nokia
Analysis showed that this file was able to send itself to another phone via
Bluetooth, which drained the infected phone’s battery extremely quickly. This
was the only function of the newly discovered malware – it was hardly
malicious. However, after discovering that the malware could send itself to
other phones, Kaspersky Lab was encouraged to create a special mobile malware
analysis room that prevented radio signals from leaving it. This is where
Kaspersky Lab began testing new mobile malware samples.
In the malware coding, Kaspersky Lab found mentions of “29A,” a group of malware
writers notorious for developing conceptual viruses in order to prove
vulnerabilities in certain systems or devices. The group published information
about the Cabir malware in its e-magazine, which prompted other virus writers
to develop the idea further.
Gostev, Chief Security Expert at Kaspersky Lab, said of the discovery, “Cabir
was just a beginning, a starting point. Soon after we discovered it, we saw
clearly that mobile threats are a very serious problem which needs a very
special approach. In response, we established a whole new research division
within Kaspersky Lab that was fully dedicated to mobile threats.”
After Cabir, a few hundred different viruses targeting Symbian devices were
discovered. However, the number of malware samples targeting this platform
started to decline rapidly after the establishment of new mobile operating
systems, such as Android, which grew to be more widespread and thus more
lucrative for cybercriminals. Ten years after the discovery of Cabir, Kaspersky
Lab’s collection of mobile malware contains more than 340,000 unique samples,
with more than 99 percent targeting the Android operating system.
More details about how Cabir was discovered, how it got its name, the epidemic it
provoked and the impact that it made on the cyber security industry can be
found in a blog post by Eugene Kaspersky.
To see how mobile malware has evolved during the last ten years, please check out a
special Kaspersky Lab Infographic.