Slashdot Mirror


Palm Virii-Transferring On A Beam Near You?

byronne asks: "There is a completely uncharted virus distribution exploit available on Palm platforms that I've been wondering about for several months, namely, 'beaming.' By default, a Palm device's beam receive via infrared is set to on, or always ready to receive. If one were to write a piece of replicating code that ran in the OS as a hack, constantly 'beaming' copies of itself out the infrared port, you might have a significant problem at hand, especially if that code were malicious. Has anyone heard or read about this possibility?" It's possible, but the code needs to be executed. I'm not quite familiar enough with the Palm to know if this is possible once it's been "beamed."

"Picture this scenario: You're at a Comdex or other high tech tradeshow where practically every tek-head is carrying around their palm pilot. At intervals, a palm device infected with replicating code beams itself out. Nine times out of 10, it may not find a recipient, but when it does, that recipient becomes a carrier. This has nothing to do with e-mail, trojan horses or file infections; it would be the first true 'airborne' virus - similar to a biological virus. So now there are two carriers beaming around this trade show - obviously this has geometrically exponential possibilities of spreading, in theory. I haven't seen any coverage of this in the media at all, but it's my opinion that it's only a matter of time before we will need to address this. For example, Symantec developing an antivirus palm app is a step in the right direction, but it's probably pretty important to keep all infection methods in mind - not just e-mail."


  1. Not possible to execute by smcavoy · · Score: 3

    As far as I know it is impossible to have a program execute without activating it. But even before that it would have to be accepted by the user. You could attach a program to another and send that, then have it execute before the other is loaded, but still very, very unlikely...

  2. The key thing is execution by Zaffle · · Score: 3

    If the binary (virus) isn't executed by the OS/software/user, then the most it can do is sit there and waste space. Either the OS/software/user must execute the binary. AFAIK the PalmOS doesn't execute code received via the IR port automagically, so it's a non deal (see below).

    However, it can be a deal: most virii/worms/trojans require some manual interaction (e.g. the user clicking on an attachment, downloading an infected program, etc.). On the other hand, due to various software bugs (or inherent design flaws), it is possible for some worm/virii to travel without user intervention until the bug is fixed.

    There are two ways to make a virus/worm travel: make it likely the user will run your code (hotpic.jpg.vs or, in the good ol' viruses, attach to every executable in the system), or exploit a bug in a piece of software that will make it automatically run your binary.

    Back on topic, Palm virii. I suppose (assuming there is no exploitable bug) a virus could just be uploaded, and wait for the user to click it. As is the case with the current trend of viruses. As we know from past experience, users will run almost anything given to them. (Even to the point of downloading a file like hotpic.jpg.vs from gnutella (which doesn't hide the extensions) and then go find it on their HD, and then double click on it!).

    So if a virus can transmit itself in the form of an exe/script via email and still be considered a threat, then yup prepare for the media hype this time, as "thousands of business executives at trade shows, conferences, or even just walking down the street are at threat from this new highly dangerous virus" (ugh!).

    The easiest defense against email viruses is to filter .exe's, screensavers, and various other scripts at your local mail server. The only ones that can get through after that are document macros, and I'm looking (read: someone write this for me, I don't have the time) for a Linux program that can strip macros from Word/Excel documents. (Oh wouldn't that be nice!).

    ---

    --

    I used to have a funny sig, but slash cut it off, and I forgot what the punchline was.
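
The mail-server filtering suggested in the comment above, sketched as an added example (not part of the original thread or any commenter's code): it walks a message's MIME parts and flags attachments with a blocked extension or a deceptive double extension such as the `hotpic.jpg.vs` name mentioned there. The extension lists, function names and sample message are assumptions made for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed blocklist for illustration: executables, screensavers, script types.
BLOCKED_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
# Extensions users read as harmless; a further suffix after one of these is a lure.
BENIGN_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".txt", ".doc", ".pdf"}

def classify(filename):
    """Return a reason string if the attachment name should be blocked, else None."""
    # Trailing dots/spaces can hide the real extension from a naive suffix check.
    name = filename.strip().rstrip(". ").lower()
    suffixes = PurePosixPath(name).suffixes
    if not suffixes:
        return None
    if suffixes[-1] in BLOCKED_EXTS:
        return "blocked extension " + suffixes[-1]
    if len(suffixes) >= 2 and suffixes[-2] in BENIGN_EXTS:
        return "double extension " + "".join(suffixes[-2:])
    return None

def scan(raw_message):
    """Walk every MIME part; return [(filename, reason)] for parts to quarantine."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        filename = part.get_filename()
        reason = classify(filename) if filename else None
        if reason:
            hits.append((filename, reason))
    return hits

def sample_message():
    """Constructed sample: one plain document and two suspicious attachments."""
    msg = EmailMessage()
    msg["Subject"] = "pics"
    msg.set_content("see attached")
    for name in ("notes.txt", "hotpic.jpg.vs", "saver.scr"):
        msg.add_attachment(b"constructed", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_string()

if __name__ == "__main__":
    for filename, reason in scan(sample_message()):
        print(f"quarantine {filename}: {reason}")
```

As the comment notes, a name-based filter like this does nothing about macros embedded in otherwise acceptable documents.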