Slashdot Mirror


Viruses, Trojans And Worms -- Unplugged?

An Anonymous Coward writes: "This two-part article at Wireless NewsFactor examines the risks of malicious code on wireless platforms and what companies can do to combat potential threats. The gist of it is that wireless viruses/worms/trojans are unlikely to spread unchecked, and it digs pretty deep into why that is the case."

17 of 88 comments

  1. deCSS virus by kaldari · · Score: 4, Funny

    Why doesn't someone write an email virus that includes the algorithm to decode DVDs? Then everyone would be breaking the law! Yeehaw! Breakin' the law!

  2. This reminds me by wbav · · Score: 5, Funny

    Of once, with the ILUVU virus, we had a person re-infect their machine, because they downloaded the virus in their e-mail into their palm. When we cleaned the machine for her, she synced up her palm and put the e-mail back. The lady was stupid enough to click on it a second time.

    --

    =================
    Unix is very user friendly, it's just picky about who its friends are.
  3. PDA's are even more vulnerable to attacks by UltraBot2K1 · · Score: 3, Troll
    Point-Counterpoint: Portable wireless viruses such as Palms, PocketPCs, and wireless phones are, in my opinion, even more vulnerable to attacks. Think about it for a moment, when was the last time you installed a firewall or virus protection software on your cell phone? Never...that's because it doesn't exist. Portable software is written with the number one priority being size. Flash storage is expensive, and most devices don't have more than 32 MB at most available. Software needs to be extremely compact, and in the process, loses some of its functionality. The focus is on cramming as many features into as little space as possible, and security is often overlooked.

    Also, many portable devices aren't easily programmed, and some cannot be programmed without physically modifying the device. Sure you can download a dev kit for your PDA, but not that many people know how to code for them. Cell phones are even harder to write code for. That means bugfixes and patches are going to be slow or non-existent, leaving them even more vulnerable to security exploits.

    Finally, the userbase of most cellular phones and PDAs aren't exactly the most technically savvy people out there. Most users of these devices are ignorant yuppies who could care less about security issues of the WAP protocol vs. Bluetooth. These people don't care/don't know better. All they want to do is talk to their girlfriends/write a grocery list while they're driving home in their BMW or SUV. Most, if not all cell phone users are simply too ignorant to care about security.

    --

    Slashdot: Open Source, Closed Minds.

    1. Re:PDA's are even more vulnerable to attacks by jandrese · · Score: 2

      The problem is spreading the Viruses. Once you get something executing on a Palm platform it can really take over, but it's fairly hard to spread malicious code around on the palm. Most people only beam business cards, not executable applications. The best bet seems to be to trojan the hotsync app, but even that is just a computer virus that happens to do something to the Palm, it's not like people share lots of cradles since every palm comes with one and it's not particularly easy for non-technical people to use the built in facilities for remote syncing.

      --

      I read the internet for the articles.
    2. Re:PDA's are even more vulnerable to attacks by 4n0nym0u53+C0w4rd · · Score: 2, Insightful
      Once you get something executing on a Palm platform it can really take over, but it's fairly hard to spread malicious code around on the palm. Most people only beam business cards, not executable applications.

      The palm does present a fairly straightforward vulnerability to beamed viruses. Because you can beam applications as well as data, and the verification screen that the palm displays upon receipt of an item is generally just "okayed," there is a possibility for sending malicious apps.

      I'm sure somebody could write an app or a hack that captured beam attempts and sent virus code instead of (or in addition to) the intended data. So, you try to beam a business card and a small application gets sent to the other person. The new application is named, let's say, "Preferences" or "Updater", the person runs it, and infects their own palm... etc. etc. (and imagine a trojan with a time delayed payload... a cool app with a feature set like vidigo could be all over the place before Bad Things happen...)

      A lack of tech savvy users, coupled with frequent beaming is a potential danger. Not pretty...

    3. Re:PDA's are even more vulnerable to attacks by jandrese · · Score: 2

      Basically that's an email virus...in the days before outlook. The person has to not only okay the download, but then run the application (and many people don't ever run anything other than the datebook, address book, memo pad, and maybe the calculator). Even non-savvy users have to work to start the spread of this little beauty. Worse, you have to walk right up to someone to spread it, so you can't get Melissa-like rates of infection.

      A time delay trojan is something else entirely. It's just a net virus that affects the palm. You still have the above mentioned problems if the virus tries to propagate through the IR port.

      One final note: the IR port is slow if your virus is bigger than a few k, the people are going to think something's wrong and pull their Palms back to investigate (IE if that business card that takes half a second to transfer normally is taking 30 seconds, then they might think something is broken and trade traditional business cards).

      All this strikes me as theoretically possible but somewhat infeasible in practice.

      --

      I read the internet for the articles.
  4. "Viruses, Trojans And Worms -- Unplugged?" by abischof · · Score: 2

    Come on, Timothy.. According to my book Requisite Puns for Journalistic Headlines, it clearly states that:

    When writing a headline listing three items followed by an exclamation, the exclamation must always be "Oh, my". No exceptions.

    --

    Alex Bischoff
    HTML/CSS coder for hire

  5. Buzzwords, get them hot and fresh by migstradamus · · Score: 2, Funny

    Let's see when the clever media use these terms regarding wireless malware:
    "air-borne virus"
    "pegasus" (flying trojan, oh never mind)
    "Quetzalcoatl" (you can figure it out)

    More prosaic:
    "wireless worm"
    "Code Infrared"

  6. I think it was summed up.... by Lxy · · Score: 3, Funny

    in the very first paragraph. Anything that can be programmed can be programmed to do bad things. In my opinion, wireless opens up a new door. Since all devices must communicate over open air, they're easily sniffed. Just wait until someone figures out how to HIJACK a packet and trick the wireless device into thinking it's contacting a trusted host when in fact it's exchanging packets with a trojaned host. Then you open up a new attack angle. Suddenly you're downloading a spreadsheet to your PDA that's not a spreadsheet, it's an Excel macro virus.

    IMHO this article is really arrogant. It's still a well known fact that unplugging your computer is the only true security, connecting it via wireless is opening up the channel even wider.

    --

    There is no reasonable defense against an idiot with an agenda
    :wq
    1. Re:I think it was summed up.... by Lxy · · Score: 2

      I do realize the complexity of hijacking a packet. Yes, my post was completely theoretical, but then again most attacks start with a good theory. I don't know the first thing about WAP but if it has any sort of error detection (such as filtering out weaker "ghost" signals) you may be able to RF shield the trusted host and assume its identity with another. The wireless device will go for the stronger source and voila, you have a hijacking. The initial ideas I have on the subject could only be done in a lab, in the real world it'd be tougher to do (climbing towers while carrying 100 square feet of sheet metal and so forth). Anyway, this is all theory but hand it to an engineering student and it'll only be a matter of time when this happens.

      --

      There is no reasonable defense against an idiot with an agenda
      :wq
  7. Virus/worm/trojan by boinger · · Score: 3, Funny
    Is that what they're calling WinCE these days?

    Finally, they agree with me.

    --
    Send your friends messages of love at fuck-you.org
  8. Re:Not a virus programmer, but... by jeffy124 · · Score: 4, Interesting

    with the number of wireless devices using Sun's Java Micro, that's an interesting thought. I know at JavaOne last June the numbers were staggering, but I don't remember what they were specifically. All I remember were CEOs from Nokia and other big name wireless companies telling how they've embraced the j2me for their products. By having the j2me on all these devices, one virus could wipe them all out quickly, much like many windows-related worms.

    But, as you say, that requires an 'in.' The J2ME inherits its security model from the desktop version, hence wireless apps are essentially running in a sandbox that prevents and prohibits certain types of behavior, almost as if there's an anti-virus tool installed on the device.

    --
    The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
  9. Re:The main problem is ignorance by freeweed · · Score: 4, Interesting
    Not to sound like a troll, but shouldn't an 'experienced UNIX programmer' generally have the requisite skills to look up 'i love you virus' in Google, read that it only affects Outlook, and move on? I think a bigger problem is people's unwillingness to RESEARCH a problem themselves.

    --
    Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
  10. Notice the pro-Microsoft spin? by Ungrounded+Lightning · · Score: 2

    Did you notice this spin?

    Malicious code can replicate more easily when more hosts are available, so virus creators tend to focus on widely used platforms. (That is why few viruses exist for wireless platforms right now -- and why more viruses plague Windows platforms than Mac or Linux platforms.)

    Obviously Windows' market penetration is the ONLY reason Unix/Linux platforms have essentially no viruses while Windows has so many it's spawned an ENTIRE INDUSTRY of virus-protection software. The organization and quality of the software and the number of people looking for and fixing bugs have absolutely NOTHING to do with it.

    So if a lot of people abandoned Windows for Unix, Linux, or OSX, virus writers would write viruses for them. Since only popularity matters, they'd succeed as easily with those other operating systems and app suites as they do now with Windows. So viruses would be just as much of a problem as they are now. So don't bother to switch.

    Subtle, isn't it?

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  11. Re:The sad thing is... by krmt · · Score: 2

    I agree with this. While you've got some brain-dead design decisions on Windows (Outlook), Linux users aren't immune to viruses. Just because you use Linux doesn't mean you should go downloading and executing untrusted code or random files that are sent to you.

    --

    "I may not have morals, but I have standards."

  12. Re:Not a virus programmer, but... by StenD · · Score: 2
    The J2ME inherits its security model from the desktop version, hence wireless apps are essentially running in a sandbox that prevents and prohibits certain types of behavior, almost as if there's an anti-virus tool installed on the device.

    Well, that's the design, at least. Unfortunately, that doesn't mean that the implementation lives up to the design. I would be surprised if there isn't at least one J2ME virus which exploits a vulnerability in the sandbox.
  13. Popularity != Virus Written by gmhowell · · Score: 2
    Popularity is a key predictor of where viruses, worms and trojans will turn up, according to Prince. Malicious code can replicate more easily when more hosts are available, so virus creators tend to focus on widely used platforms. (That is why few viruses exist for wireless platforms right now -- and why more viruses plague Windows platforms than Mac or Linux platforms.)

    Prince noted that if a platform -- wireless or not -- is popular, virus writers have two advantages. "One, they're able to find out how it works more easily," he said, "and, secondarily, the thing that they create has both higher visibility and a larger population to spread in."


    Ahem.... WRONG!

    Apache and Linux both have source available. Therefore, it should be MUCH easier to figure out how they work than IIS/Win2K. Apache/Linux is deployed across more web servers than IIS/Win2K. Therefore, more people should write viruses to the more popular program.

    So then why is CodeRed (I,II,III,IV,etc.) for IIS/Win2k? Because IIS/Win2k is a funnier target. It's more fun to stick a thumb in Bill's eye than in Linus' eye.

    --
    Jesus was all right but his disciples were thick and ordinary. -John Lennon