M-Commerce on Watch as Cabir Mobile Worm Spreads

One of the first widespread mobile phone viruses has now been spotted in 20 countries worldwide, further proof to some that security issues threaten to stall the adoption of the types of robust wireless handsets and mobile services that will enable a mobile commerce industry to emerge.

Finland-based security firm F-Secure said the Cabir worm has been confirmed in Luxembourg, marking the 20th country worldwide where the malware has been confirmed to have spread since first appearing in the Philippines last August.

Some security researchers have warned that once they reach critical mass, mobile viruses will have the ability to spread very rapidly, especially as more widespread adoption of smartphones takes place.

First Smartphone Worm

Cabir emerged last summer as the first circulating worm to spread via smartphones. Its spread has been somewhat muted, as it relies heavily on proximity to other devices and the Bluetooth short-distance wireless protocol to spread. Since then, similar virus code has been published on the Internet and a number of related threats have emerged.

With smartphone use still representing only a fraction of all mobile activity, the threat of such viruses is often downplayed in the short term. However, the longer-range implications of failing to stem the tide of mobile viruses could be chilling.

Just as Web security is often cited by those reluctant to buy online as one reason for being wary of e-commerce, mobile commerce will be hampered by security concerns, with even minor virus outbreaks able to give users pause before buying into mobile commerce, such as using credit cards to purchase streaming music or making on-the-spot purchases from merchants.

Awareness but Inaction

Cabir's continued spread comes as evidence emerges that smartphone users are increasingly aware of the growing security threat facing their devices, but by and large are not changing the way they use their hand-helds.

A survey conducted by security firm Symantec (Nasdaq: SYMC) found that more than 70 percent of smartphone users are aware that worms, viruses and other threats exist for smartphones, but also found that most had not changed the way they use their devices as a result.

Symantec found that more than 55 percent still store sensitive personal information on their smartphones, 37 percent keep sensitive business data there and nearly 30 percent store potentially sensitive data belonging to third party clients on their devices.

Symantec, like other research firms, says the threats today are relatively light, but will only increase as use of Web-connected hand-helds grows and as more virus writers turn to the mobile arena to gain their infamy.

"As smartphones replace lower-end devices, this will drive the take-up of applications and usage, and carriers will continue to push new services that send all kinds of content to the phone," Matt Ekram, mobile security product manager at Symantec, said. "That will open up a lot of opportunity for hackers and virus writers to do something malicious, and we still need to educate the public more effectively as to what they should do to protect their devices."

Keeping It in Perspective

However, many security researchers say the level of threat is not as great as some perceive. Cabir likely spread as far as it did through places like airports, where small changes in behavior, such as training users to turn off their phones' Bluetooth functionality when not being used, would help stem the spread further.

Sophos antivirus consultant Graham Cluley told the E-Commerce Times that despite a rash of malware written specifically for mobile devices, few true outbreaks have occurred, with even Cabir being responsible for a relatively small number of actual infections.

"Virus writers are still focused on the desktop, because that's where the biggest bang for the buck still is," Cluley said. "Mobile malware will grab some headlines because it's new, but the fact is that a new e-mail worm is far more dangerous and troubling."