Slashdot Mirror


Proof of Concept PocketPC Virus Created

SpooForBrains writes "The Register has reported that "Ratter" of the virus writing group 29A has created the world's first PocketPC virus as a proof of concept. This one has no payload and is polite enough to ask if it can spread, so the dangers are minimal, but it occurs that the possibility of PocketPC and Symbian virii suddenly makes the concept of bluejacking somewhat more sinister."

8 of 152 comments (clear)

  1. Can it really spread? by yohanes · · Score: 5, Interesting

    Unless there is a flaw on the implementation of the phone can this kind of virus really spreads?

  2. Like the typical outlook virus by Gopal.V · · Score: 3, Interesting
    Outlook Express: "do you want to open this file ?"
    Joe Blow: "Yes"
    ** pc crashes ...
    Ok, so how's this virus different ?.
    Anyway Pocket PC viruses are going to be rarer than one for Macs ...

    Reminds of Donut , the .NET virus ... but there hasn't been a real one in the wild yet ?.

    bash$ alias kill='chmod -R 0666 /'

  3. Re:E-Darwin by Anonymous Coward · · Score: 3, Interesting

    i really cant wait to start seeing viruses for linux maybe then all you zealots will shut the hell up about MS. As Cavio stated "Linux has security issues" and with security issues and an expanded user base you are bound to get viruses running around, sooner or later it will happen, and it wont matter if there is a patch out within 24 hours of a virus release most people won't patch there computers, most of the problems with computers come from there users. But keeping bitching and moaning about MS one day you'll see, because every OS sucks.

  4. Pocket PC issues by Dan+East · · Score: 3, Interesting

    Creating a Pocket PC virus is a trivial matter. It uses the PE format, so I'm sure it would be very simple to adapt virii to infect Windows CE files - basically just a recompile of the virus source to XScale / ARM (assumming it is not in x86 ASM).

    Windows CE is actually more secure than Windows XP because the majority of the OS is in ROM. Those files are protected at the file system level - it is not even possible to read or copy the files, let along modify them.

    After an infection one could always do a hard reset to quickly have a clean device that is at least usable.

    Also, the amount of damage that could be inflicted would be moderate because most PDAs are synchronized with a host PC. So the information on the PDA is essentially backed up multiple times a day.

    The real concern would be a virus that could propogate over multiple platforms running different processors. This is one reason to be afraid of .NET / C# bytecode.

    Dan East

    --
    Better known as 318230.
  5. Re:Pocket PC issues (ROM isn't magic) by jetmarc · · Score: 4, Interesting

    > Windows CE is actually more secure than Windows XP because the majority of the OS
    > is in ROM. Those files are protected at the file system level - it is not even
    > possible to read or copy the files, let along modify them.

    Keeping files in ROM does not inherently constitute a better virus protection.
    Of course, altering a ROM file is (usually) impossible. However, any complex
    operating system has a lot of options for RAM or FLASH based files to "hook-in",
    and RAM and FLASH are certainly not impossible to alter.

    A virus that hooks into the startup sequence of a pocket device is as effective
    as a hypothetical one that managed to alter the ROM of that device. Sure, a
    ROM device might have a "wipe-all" reset button that gets rid of the virus,
    but it would get rid of all personalization data as well - files, installed
    software, addresses etc.

    So, how does that make the ROM device less vulnerable to virus attacks? It
    can't be rendered completely unusable. Ok. But all the other threats continue
    to exist. You can loose your data, you can spread the virus to other devices,
    you could even sync a multiplatform virus to your desktop PC, etc.

    Marc

  6. Re:E-Darwin by pandrijeczko · · Score: 4, Interesting
    This can only happen on a poorly-configured windows system.

    I accept that but would argue that a Windows system comes "out of the box" poorly configured for security.

    Also, take a script on UNIX/Linux and it's permissions are determined purely by the user who ran it, hopefully not root - therefore its effect on the system must be limited.

    On Windows, you can disable ActiveX and VB scripts from running, for example, but I do not know of a way of running them safely with limited permissions. (I possibly bow to your greater knowledge of Windows security here.)

    Finally, I'd ask you to consider Windows user general mentality anyway. Most home user types are going to be running their systems at home with Admministrator accounts or with themselves set as Administrators for everything they do. On the otherhand, UNIX people do what they can at their own user levels while only resorting to root to do what they need to at that time.

    All of these facts illustrate how a virus/trojan program has more (potentially) devastating effects on a Windows system than a UNIX one.

    --
    Gentoo Linux - another day, another USE flag.
  7. Re:E-Darwin by Sepper · · Score: 4, Interesting

    This is blatant FUD.

    It is, but there is an once of truth in it. The default behavior.

    By default, Windows Xp Home runs me as admin, and I had remove permissions for it the be secure...

    By default, Mandrake runs me as user. I had to learn to change to root.

    But I think the best behavior is with OS X (which I don't own). It prompt you with a password windows each time you need admin access. To me the says: 'STOP! think about what you are doing! Are you sure, you know what you are doing?'

    Kinda like the way my sister caught Sircam.exe but when the thing poped-up in ZoneAlarm, she got the reflex to click 'No': "I don't know this application, And everything seems to work OK without it, so there...". She was infested all right, but it didn't spread... (and didn't clog her dial-up line). And off, I did have the "AAAHH! VIRUS!" Reaction when I saw the same pop-up on her computer... Now she google for the file when she don't know... I'm soo proud of my sister, growing up before my very eyes *snif*

    Education, can go a long way, but if people can't know they have problems, we can't help them... Default install would go even further... If would force so people to think...

    Windows isn't the problem, Ignorance is the problem. Education is the solution.

    --
    I live in Soviet Canuckistan you insensitive clod!
  8. Re:E-Darwin by Sloppy · · Score: 3, Interesting
    See the recent Mozilla shell exploits.

    ...which were on the Windows version of Mozilla only. Yes, it was a Mozilla problem but the architecture of Windows allowed the hole to be exploited.

    Don't kid yourself. This was very much an error in the Mozilla team's way of thinking. The insecure interface that Windows had, never should have been exposed to the Internet. Normally, it wouldn't be exposed. That Mozilla exposed this interface, shows, IMHO, some carelessness and low standards of paranoia, on their part.

    Linux also has APIs for use by local users, that probably should not be callable by just anyone on the internet. The recent exploit on Windows Mozilla has reduced my confidence that Linux Mozilla is not exposing internal APIs.

    Mozilla is a big complex app, and I'm not sure I trust it anymore. (I sure as hell haven't audited it. Have you?) I'm starting to think I need to either stop using it, or somehow sandbox it.

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.