The day the computer security community had anticipated for years finally arrived in June 2004. I and other researchers who study malicious forms of software knew that it was only a matter of time until such malware appeared on mobile phones as well. As cell phones have evolved into smartphones--able to download programs from the Internet and share software with one another through short-range Bluetooth connections, worldwide multimedia messaging service (MMS) communications and memory cards--the devices' novel capabilities have created new vulnerabilities. Scoundrels were bound to find the weaknesses and exploit them for mischief or, worse, for criminal gain.

Sure enough, three summers ago security experts found the first rogue program written specifically for smartphones. Dubbed Cabir, it was a classic proof-of-concept virus, clearly created to capture bragging rights. It caused no damage to an infected device, other than running down the phone's battery as the virus tried to copy itself to another smartphone by opening a Bluetooth connection. The anonymous author, most likely somewhere in Spain, chose to post Cabir on a Web site rather than releasing it into the wild. But within two months other scofflaws had turned it loose in Southeast Asia. It soon spread worldwide.