Cabir, the World's First Mobile Worm, Turns 10

By Staff Reporter | Jan 19, 2014 05:08 PM EST

Fortinet's FortiGuard Labs has experience with more than 1,300 new malicious applications per day and also currently tracks over 300 Android malware families and over 400,000 malicious Android applications. The company recently wrote an in-depth article highlighting the most significant mobile malware over the last 10 years.

2004: The First Attempt!

Cabir was the world's first mobile worm. Designed to infect the Nokia Series 60, its attack resulted in the word "Caribe" appearing on the screen of infected phones. The worm then spread itself by seeking other devices (phones, printers, game consoles…) within close proximity by using the phone's Bluetooth capability.

2005: Adding MMS To the Mix

CommWarrior, discovered in 2005, picked up where Cabir left off by adding the ability to propagate itself using both Bluetooth and MMS. Once installed on the device, CommWarrior would access the infected phone's contact file and send itself via the carrier's MMS service to each contact. The use of MMS as a propagation method introduced an economic aspect; for each MMS message sent, phone owners would incur a charge from their carrier. In fact, some operators have stated that up to 3.5 percent of their traffic was sourced to CommWarrior, and eventually agreed to reimburse the victims.

2006: Following the Money

After the demonstrated successes of Cabir and CommWarrior, the security community detected a Trojan called RedBrowser touting several key differences from its predecessors. The first was that it was designed to infect a phone via the Java 2 Micro Edition (J2ME) platform. The Trojan would present itself as an application to make browsing Wireless Application Protocol (WAP) websites easier.
By targeting the universally supported Java platform rather than the device's operating system, the Trojan's developers were able to target a much larger audience, regardless of the phone's manufacturer or operating system.

2007-2008: A Period of Transition

Despite stagnation in the evolution of mobile threats during this two-year period, there was an increase in the amount of malware that accessed premium rate services without the device owner's knowledge.

2009: The Introduction of the Mobile Botnet

In early 2009, Fortinet discovered Yxes (anagram of "Sexy"), a piece of malware behind the seemingly legitimate "Sexy View" application. Yxes also had the distinction of being a Symbian certified application, which took advantage of a quirk within the Symbian ecosystem that allowed developers to "sign off" applications themselves.

2010: The Industrial Age Of Mobile Malware

2010 marked a major milestone in the history of mobile malware: the transition from geographically localized individuals or small groups to large-scale, organized cybercriminals operating on a worldwide basis. This is the beginning of the "industrialization of mobile malware" in which attackers realized that mobile malware could easily bring them a lot of money, eliciting a decision to exploit the threats more intensely.

2011: Android, Android and Even More Android!

With attacks on Android platforms intensifying, more powerful malware began to emerge in 2011. DroidKungFu, for example, emerged with several unique characteristics, and even today is considered one of the most technologically advanced viruses in existence. The malware included a well-known exploit to "root" or become an administrator of the phone (uDev or Rage Against The Cage), giving it total control of the device and the ability to contact a command server. It was also able to evade detection by anti-virus software, the first battle in the ongoing war between the cybercriminals and the anti-virus development community.
Like most of the viruses before it, DroidKungFu was generally available from unofficial third party app stores and forums in China.

2013: Game On - New Modes of Attack

2013 marked the arrival of FakeDefend, the first ransomware for Android mobile phones. Disguised as an antivirus, this malware works in a similar way to the fake antivirus on PCs. It locks the phone and requires the victim to pay a ransom (in the form of an exorbitantly high antivirus subscription fee, in this case) in order to retrieve the contents of the device. However, paying the ransom does nothing to repair the phone, which must be reset to factory settings in order to restore functionality.

*Fortinet's FortiGuard Labs