Mobile viruses could score big at soccer World Cup

Next year's FIFA World Cup soccer tournament in Germany could be fertile ground for mobile phone viruses if the World Athletics Championships in Finland, which ended Sunday, are any indication, security experts warn.

Visitors to the athletic event in Helsinki not only had to brave wind and rain, but also face the threat of catching the Cabir mobile phone worm.

Outbreaks of the malware, which first surfaced in June last year, were reported in Helsinki's Olympic Stadium, according to Mikko Hyppönen, chief research officer for antivirus research at F-Secure Corp.

"We are aware of at least a couple of dozen phones being infected with the Cabir A or B worm, but many more people reported having received messages to accept a connection on their smart phones," he said. "We observed an alarmingly high level of malicious activity at the event."

Cabir uses Bluetooth short range wireless signals to jump between cell phones over distances of up to 10 meters (30 feet). In a packed stadium, this could spell trouble for unknowing users.

"There was activity (of this type) at the Live 8 concerts earlier this summer," Hyppönen said. "The World Cup soccer games in Germany next summer, like all mass gatherings, will almost certainly be a target. We expect a lot of people will be using mobile phones in and around the stadiums."

To get infected with Cabir, mobile phones must be running the Symbian OS (operating system) with the Series 60 user interface software, have the Bluetooth wireless communications feature enabled and set to listen for other Bluetooth devices, and be within broadcast range of a phone infected with Cabir.

Even then, the phone's owner must click multiple times to download and install the Symbian Installation File (SIS) to their phone, according to Hyppönen.

"You could say, yes, a user has to be a bit stupid to go through all these steps to get a virus, but there is a trick," he said. "If you're within range of an infected phone, you'll constantly be alerted to accept a connection. If you say 'no', the message keeps reappearing. So some frustrated users just push "yes" to get rid of that message and the other installation and security alerts."

While Cabir carries little in the way of a malicious payload, the virus will wear down batteries quickly -- from days to as little as 30 minutes -- as it constantly tries to broadcast itself onwards. Switching off Bluetooth blocks transmission.

Nokia Corp. and Siemens are among the manufacturers of handsets using Symbian OS and Series 60 software.

New Symbian OS software, v. 9, will include new security features to help combat mobile malware, according to Hyppönen. The software is expected within the coming weeks, he said.

Hyppönen also urged users to install antivirus software.