The worm, dubbed "Cabir", was discovered in the US earlier this week. It uses the Bluetooth short-range wireless feature of smart phones that run the Symbian operating system to detect other Symbian phones.
Nokia, which is in the process of buying a controlling share of Symbian, the company that licenses the operating system of the same name, admitted in a statement released late Wednesday night (AEST) that Nokia models that run the Series 60 smart phone platform could be affected by the worm. The platform is used by other major smart phone manufacturers including Siemens, Samsung, Sendo and Panasonic.
The threat is, however, "relatively small and unlikely to mirror the risk profile of the fixed Internet," according to the statement.
On Monday, the same day as anti-virus companies in the US raced to decipher -Cabir", Nokia released five new phones, including the 6630, a wideband CDMA (Code Division Multiple Access) smart phone which runs on the Symbian OS.
It is believed that the worm was sent by the originator to the anti-virus vendors to generate publicity. After infecting a phone, the program creates an application package file containing the worm and passes it to another phone over an automatically established Bluetooth connection. The phone that received the program installs the application, thus infecting itself.
Nokia said it was "alert to the existence of a laboratory-recognised concept worm, which attempts to replicate itself over Bluetooth. The worm sends a copy of itself to "visible" Bluetooth devices." However in the statement Nokia claimed that the worm will not affect the device unless the user takes the active step of accepting it.
"Additionally, the worm cannot find devices in which Bluetooth is switched to 'hidden' mode, or those in which Bluetooth is switched off. The worm is not spread over mobile networks".
The GSM Association has confirmed that "Cabir" has no impact on networks, with the only impact being on users and their devices. It claims that analysis of the worm's code has not yet detected any malicious payload but battery life is likely to substantially reduced because of the constant scanning for Bluetooth-enabled devices.
Since Bluetooth is essentially a means of sharing data, the best precaution is to exercise caution when accepting files from unknown or untrusted sources, Nokia advised. "If the worm is accepted to a device, it can be deleted without causing any harm to the device," the statement advised.
Nokia said it is continuing to monitor the situation. "When potential issues come to our attention, we analyse them and take appropriate measures. Based on the analyses to date, Nokia believes the current security threat is relatively small and unlikely to mirror the risk profile of the fixed Internet," the statement read.
Symbian claims that in order for a device to be infected by "Cabir" it is necessary for the user to confirm two software installation actions. There are no reports of it being seen "in the wild" and the risk of the malware spreading is limited as only the first Bluetooth device found is targeted for onward distribution and this may not be a vulnerable Series 60 device.
Anti-virus companies Sophos and Symantec have both played down reports of the risks posed by "Cabir", rating the distribution and damage potential of the worm as being low.
However the GSM Association advised users to reduce the risk of an attack by heeding the "installation security warning" and not enabling the installation and by turning off the "visible to others" Bluetooth setting in their phones to protect against unsolicited malicious programs.