Cabir, which first appeared in June, uses Bluetooth to infect smart phones running the Symbian operating system. Disguised as a security utility, Cabir itself doesn't do any permanent damage, but it has been used to deliver other malicious code, such as the Skulls Trojan horse, to phones. The worm has been detected in several countries, including China, India, Turkey, the Philippines, and Finland, and spreads as people travel with infected phones. According to several anti-virus vendors, the source code for the Cabir worm is out and in the hands of those beyond the immediate circle of "29A," the Russian hacker gang thought responsible for originally creating the worm.
"As far as we know, until now the Cabir source code was accessible only to a limited number of people, including members of 29A," said Alecks Gostev, a senior virus analyst at Kaspersky Labs, in an e-mail. "We think it was planned to publish the source code in the next edition of the group's electronic journal. [But] it looks like someone has already got access to the code, and now it's public.
"This will lead to a lot of new versions of Cabir," he added.
U.K.-based Sophos had a different take on the Cabir source code. The code, which Sophos has spotted on a Brazilian hacker's Web site, is not from 29A but is instead the code used to create Cabir.h and Cabir.i, the two most recent variations. According to Sophos, the Brazilian claims to have written the worms from scratch, then posted his own source code.