Proof of Concept PocketPC Virus Created
SpooForBrains writes "The Register has reported that "Ratter" of the virus writing group 29A has created the world's first PocketPC virus as a proof of concept. This one has no payload and is polite enough to ask if it can spread, so the dangers are minimal, but it occurs that the possibility of PocketPC and Symbian virii suddenly makes the concept of bluejacking somewhat more sinister."
Do you accept the microsoft EULA?
Just like biological ecosystems, our information infrastructure has niches, and viral "life" will thrive in any niche it can find for itself. Same with spammers, they are exploiting a niche which exists to make money. Virus writers are exploiting computing niches which allow for this kind of attack.
It is inevitable that any networked system will suffer from these attacks. See the recent Mozilla shell exploits. We have Linux security issues, and as the OS gains popularity, we will start to see virii for it. It will happen.
We have basically created electronic primordial soup. Three cheers for compu-evolution!
Please bid on this Karmann Ghia! Please pleas
To spread, viruses need a sufficiently high density of potential victims. So your PocketPC is safe. The story is completely different if someone gets this done on cell phones.
Unless there is a flaw in the implementation of the phone, can this kind of virus really spread?
-- tinyhack.com
Proof of Concept Amish Virus!
You have been infected. This virus works on the honor system. Please delete all files on your computer. Thank you.
How many times does it need to be said that the plural of "virus" is "viruses", not "virii"??
I mean, c'mon people, the pocket pc is running windows. This virus isn't exactly revolutionary.
At least now I can justify the Zaurus over the 'other guys'!
-
We've come to expect decent security on desktops and servers, why not PDAs as well? At least it may make manufacturers think twice before jumping on the MS bandwagon.
Duts may not be able to spread, but take out the bits that make it "benign" and you've got the makings of a real annoyance. Even if the source for this particular virus is kept safely out of the hands of malicious individuals, the fact that it's now been proven do-able means others will try.
My patience is infinite, my time is not.
Anyway Pocket PC viruses are going to be rarer than one for Macs
Reminds me of Donut, the .NET virus ... but there hasn't been a real one in the wild yet?
bash$ alias kill='chmod -R 0666 /'
Quidquid latine dictum sit, altum videtur
The user, to my understanding, still has to accept the incoming file. So just make it a policy (like email): don't open a file unless you are expecting it. Better yet, turn off Bluetooth discoverability.
A virus! It'll format the PocketPC's harddrive and install spyware!
What happened to the Trustworthy Computing paradigm? I guess if you now mention that to [Sir] Bill G., you might not get all that much! On the other hand, I ask myself why these coders (or virus authors) do not direct their energy to coding for OSS. So many projects need a hand. My help goes in submitting bug reports and cash whenever possible. [But] I could be wrong here, maybe some already do something for OSS.
Can your Palm do this?
Join Team Mozilla #38050 Folding@home
"Is that a virus in your Pocket or are you just happy to see me?"
-C.
It would be interesting if the affected Bluetooth-enabled Nokia phones mentioned in a previous article a few weeks ago were somehow able to transfer their goods to PocketPCs ... ...come on now, how many people do YOU know with a Bluetooth-enabled PocketPC, who leave Bluetooth discovery on? (I have an iPaq 2215, but Bluetooth is off to save battery life)
:)
This is a neat proof-of-concept, but I think these virus creators should go back to hacking cell phones if they want to make waves.
I'll turn this around and say "at least now I can justify the PalmOne Tungsten C." Why not use an OS actually designed for handhelds?
Love,
Letter
if you have an ipaq 1940/45. It seems if something writes to the "filestore" the rom becomes corrupt and it has to be sent back to hp. As my main memory is basically full, I'll know when a virus hits; my ipaq's rom will need to be reflashed.
=================
Unix is very user friendly, it's just picky about who its friends are.
The idea of spreading viruses via Sybian seems far more sinister, and far nastier. All things considered, it was only a matter of time before the Sybian was used as an infection vector.
I want to delete my account but Slashdot doesn't allow it.
This proves that every networked computer device can be infected with a virus. This makes it stupid and illogical to assume that there will be no security holes on any given OS. What matters is how severe those security holes are, and how quickly they are patched. It is in that area that linux is firmly ahead of Microsoft (and perhaps OS X, I'm not sure).
The answer is here in this report 21kb PDF.
Given how many PDAs and combo PDA/cellphones out there run PalmOS, I'm surprised that some malevolent "cracker" hasn't created a virus that will cause problems with PalmOS-based units already.
And when that happens and it spreads in the wild, the results will be ugly. =(
You did not get Latin classes. Get over it. There is nothing to be ashamed of. That language is only useful to scholars, and even a Romance language speaker will get a better grasp at his own language by learning a near (foreign romance) or far (German) cousin language. So don't try to make up a plural form for Latin words. The plural form of virus is not virii, that would be the plural form of virius. "Virus" is apparently one of the few neuter words of the second declination, and has no plural. more info
Creating a Pocket PC virus is a trivial matter. It uses the PE format, so I'm sure it would be very simple to adapt virii to infect Windows CE files - basically just a recompile of the virus source to XScale / ARM (assuming it is not in x86 ASM).
Windows CE is actually more secure than Windows XP because the majority of the OS is in ROM. Those files are protected at the file system level - it is not even possible to read or copy the files, let alone modify them.
After an infection one could always do a hard reset to quickly have a clean device that is at least usable.
Also, the amount of damage that could be inflicted would be moderate because most PDAs are synchronized with a host PC. So the information on the PDA is essentially backed up multiple times a day.
The real concern would be a virus that could propagate over multiple platforms running different processors. This is one reason to be afraid of .NET / C# bytecode.
Dan East
Better known as 318230.
If memory space for running programs on my PDA was not limited enough. Now I'll have to waste more of it running a virus checker.
Steve.
I take it you're not an optimist!
there is a difference between being an optimist and seeing reality. i am all for open source, i am also all for companies making a living off of their products like MS. I have a feeling that open source projects will continue to catch on, especially projects such as firefox. but the problem will always remain that there will be stupid people using computers, and as long as there are stupid people to open attachments and not install the proper patches we are going to have the same damn problem over and over again.
personally i think there should be some sort of punishment system, if you open an email attachment and get a virus someone should come to your house or place of work and hit you in the head with a baseball bat (first time offender). if that doesn't convince you to watch out then on the second time you get an email virus and open it someone should just drag your sorry ass out to the street and beat you to death. i think this would encourage a whole new age of computer fluency.
I know it's being pedantic, but Bill G has an honorary knighthood. Only citizens of countries which recognise the queen as head of state can have full or substantive awards.
The rules are explained a little better here
I will not be pushed, filed, stamped, indexed, briefed, debriefed or numbered.....my life is my own.
Unless there is a flaw in the implementation of the phone, can this kind of virus really spread?
It's not a phone virus, it's a Pocket PC virus.
From the article:
The first computer virus to infect handheld devices running Microsoft's PocketPC OS was discovered over the weekend... Cabir - like Duts - was a proof-of-concept exercise. In both instances, 29A sent its malicious code straight to anti-virus firms.
To my mind, the word "discovered" doesn't really apply here.
Previous attempts have been made to monkey around with handhelds. Google is now overflowing with this latest 'news' but I am pretty sure this is not a first. Palms have had their IR connections compromised. Pocket PCs were never going to be bulletproof in the first place.
This threat assessment might be useful to someone.
As usual, The Straight Dope has an exhaustive entry on the issue:
on CNET news
The lunatic is in my head
Shouldn't that be "please shred all files in your desk drawer" ?
May contain traces of nut.
Made from the freshest electrons.
> Windows CE is actually more secure than Windows XP because the majority of the OS
> is in ROM. Those files are protected at the file system level - it is not even
> possible to read or copy the files, let alone modify them.
Keeping files in ROM does not inherently constitute a better virus protection.
Of course, altering a ROM file is (usually) impossible. However, any complex
operating system has a lot of options for RAM or FLASH based files to "hook-in",
and RAM and FLASH are certainly not impossible to alter.
A virus that hooks into the startup sequence of a pocket device is as effective
as a hypothetical one that managed to alter the ROM of that device. Sure, a
ROM device might have a "wipe-all" reset button that gets rid of the virus,
but it would get rid of all personalization data as well - files, installed
software, addresses etc.
So, how does that make the ROM device less vulnerable to virus attacks? It
can't be rendered completely unusable. Ok. But all the other threats continue
to exist. You can lose your data, you can spread the virus to other devices,
you could even sync a multiplatform virus to your desktop PC, etc.
Marc
Windows Mobile is easy enough to mess up without viruses. It implements the registry like on desktop Windows, only it's harder to backup.
Quite a few people on the E800 forum I read have had problems where their Bluetooth stops working.
Boy I sure am glad that you're so kind and loving that you think being a superior computer-user is the most important thing ever to happen to earth. Some of the most computer illiterate people I know are mostly wealthy business owner people... ya know, like the ones who give YOU a job. So beat your paycheck to death, that'd be funny.
This virus was written by a satanic cult that listens to heavy metal music!
The word 'virii' never existed in Latin. The plural for 'virus' can be 'viri', but since the plural of 'vir' is also 'viri' even the old Romans avoided 'viri' as plural for 'virus'. Ending a word with 'ii' is not Latin, it's not common in any language. It's as obnoxious as writing Micro$oft.
PalmOS viruses have already been reported. PalmOS has a larger market share than PocketPC. Can these numbers be used to understand the relative importance of availability versus vulnerability in the incidence of info viruses?
--
make install -not war
Just think of all those Symantec Anti-Virus for Pocket PC software packages Symantec is going to sell to the stupid masses.
Voting them all out of office, now that's change I can believe in.
A grad student did this at ISU over 2 years ago when the iPaq was new. His virus didn't do anything harmful but it did propagate itself over wireless networks and was an interesting demo for the computer engineering ugrads.
I do not own a Windows CE machine, but Palm OS has a special reset mode where no OS add-ons are loaded in order to allow the user to troubleshoot problems with them (hold the up button while pushing the reset pin). In this mode it would be possible to delete any virus that has been installed and then reset regularly. I assume Windows CE has a similar option.
Centralization breaks the internet.
One would think that those bastions of error free programming, Linux and PalmOS, were immune to viruses. Such does not appear to be the case, however.
1) I buy a PDA/phone thingy from my cell phone provider.
2) I load it up with all my personal and business contacts, schedule, etc.
3) Someone 'bluejacks' me, or otherwise steals my information, and uses that information to contact everyone I know and annoy them.
4) I sue my cell phone provider and the PDA manufacturer for selling me an insecure device that allowed this to happen.
Has this scenario been played out yet for real?
Could a lawsuit like this cause service providers and their vendors to take security a little more seriously?
I feel that a lot of the stuff we buy goes untested in this regard because the providers have no big reason to take enough time to test it properly.
As an analogy, if masterlock sells a padlock that has a master combination published on the web, would they be liable for losses?
once again leads to a system lousy with overflows and lacking any real security. Amazing how a 14 year old with less than a high school education can out-smart an entire team of PhD-level engineers, and of course the fault lies with the 'kid' not with the incompetent developers who are being outcoded by children...
If you have the nerve to claim to be a professional and you can't keep up with the joe-kid on the block, who is to blame for this? The kid using the exploit or the developers who claim to know what they are doing?