Slashdot Mirror


Proof of Concept PocketPC Virus Created

SpooForBrains writes "The Register has reported that "Ratter" of the virus writing group 29A has created the world's first PocketPC virus as a proof of concept. This one has no payload and is polite enough to ask if it can spread, so the dangers are minimal, but it occurs that the possibility of PocketPC and Symbian virii suddenly makes the concept of bluejacking somewhat more sinister."

31 of 152 comments

  1. Reminds me of that windows virus... by nmoog · · Score: 5, Funny

    Do you accept the microsoft EULA?

  2. E-Darwin by Cavio · · Score: 5, Insightful

    Just like biological ecosystems, our information infrastructure has niches, and viral "life" will thrive in any niche it can find for itself. Same with spammers, they are exploiting a niche which exists to make money. Virus writers are exploiting computing niches which allow for this kind of attack.

    It is inevitable that any networked system will suffer from these attacks. See the recent Mozilla shell exploits. We have Linux security issues, and as the OS gains popularity, we will start to see virii for it. It will happen.

    We have basically created electronic primordial soup. Three cheers for compu-evolution!

    --

    Please bid on this Karmann Ghia! Please pleas

    1. Re:E-Darwin by Ieshan · · Score: 4, Insightful

      Comparison:

      a) There are sadistic people who like to cause people harm by investing time and money into writing virii that inconvenience, destroy data, and render devices useless - meaning to do ALL of these things ON PURPOSE.
      b) Viruses evolve.

      The fact is, there's no little Virus overlord someplace up in the sky that's trying to cause damage and harm to humans. There *are* lots of other humans who love causing that same damage by writing malicious code.

      If everyone decided tomorrow to stop trying to break the machines that others have worked so hard to build, voila - they'd not be broken anymore.

      Sadism / Sociopathy has little to do with the Biological Evolution of Viruses. What gives? Why are people so quick to assume that it's okay for people to break things and hurt people just because it's possible to do so?

    2. Re:E-Darwin by Anonymous Coward · · Score: 3, Interesting

      I really can't wait to start seeing viruses for Linux; maybe then all you zealots will shut the hell up about MS. As Cavio stated, "Linux has security issues", and with security issues and an expanded user base you are bound to get viruses running around. Sooner or later it will happen, and it won't matter if there is a patch out within 24 hours of a virus release: most people won't patch their computers; most of the problems with computers come from their users. But keep bitching and moaning about MS. One day you'll see, because every OS sucks.

    3. Re:E-Darwin by BigBir3d · · Score: 3, Insightful

      And if people were not writing the viruses for various computer and related platforms, I think the evolution of these platforms would be at a slower pace. It is of no surprise to most people that there are other people out there wanting to test the limits of what can be done.

    4. Re:E-Darwin by pandrijeczko · · Score: 5, Insightful

      > See the recent Mozilla shell exploits.

      ...which were on the Windows version of Mozilla only. Yes, it was a Mozilla problem but the architecture of Windows allowed the hole to be exploited.

      > We have Linux security issues, and as the OS gains popularity, we will start to see virii for it. It will happen.

      Yes, we have Linux security issues, no denying that because Linux is software and software is insecure.

      No, we will definitely not see widespread Linux viruses. Here's the reasons:

      1. Viruses attack very specific security holes in very specific product versions. The fact that 90% of Internet PC users run Windows, IE & Outlook (Express) creates a perfect community for viruses to spread. In Linux, certain applications (like, say, Mozilla) are very common but spread those over the myriads of different distro versions and the number of common platforms (down to specific library & application version levels) decreases dramatically very quickly.

      2. Windows is built with a major security flaw in as much as certain core system applications always have full access to the system. Therefore, if a virus attacks via an application, it can get system-wide permissions. On a poorly administered Linux system, this can also happen but the tendency now is to run applications at a user account level, rather than at root level. Most users are also educated enough not to run constantly as root. Therefore, assuming that you are running a common application version (in 1. above), the effect will be limited by permissions if everything is running as a normal user account.

      3. Linux is so customisable that it is relatively straightforward to create a very tightly secure distribution "out of the box". There is in-built kernel-based firewalling, for example, and unneeded services are very easily left turned off.

      4. The average Linux user is far more Internet-savvy than the average Windows user - and that's not, in any way, devaluing some of the very knowledgeable Windows people that I do work with, for example - but average Joe Bloke at home runs Windows & only tries Linux when he starts to feel like he knows a little more about how PCs and networks actually work.

      To put things in perspective a little, UNIX-type systems are susceptible to directed buffer-overflow type attacks where the intruder has done some homework, scanned a particular server, worked out what daemons it runs and then what versions of daemons he/she can attack. That's why good UNIX sysadmining is knowing what daemons to run and keeping them patched to the latest versions.

      But please be under no illusions - the architecture of Linux is simply not designed to allow transmission of viruses. The only time this could ever happen is if a high proportion of Linux users ran the same distro version and very common applications.

      --
      Gentoo Linux - another day, another USE flag.
    5. Re:E-Darwin by FooAtWFU · · Score: 3, Funny

      I thought the major point of a virus wasn't to cause damage and harm to humans and evil stuff like that... the point of viruses is to make the machine your zombie and send spam.

      Oh, wait. Yeah, I guess you're right. Never mind.

      --
      The World Wide Web is dying. Soon, we shall have only the Internet.
    6. Re:E-Darwin by meringuoid · · Score: 4, Funny

      > The fact is, there's no little Virus overlord someplace up in the sky that's trying to cause damage and harm to humans.

      Another Slashdot evolutionist... there is a Virus Overlord up in the sky trying to cause damage and harm to humans! And he does it because he LOVES you! Why do you keep making him have to hurt you?

      --
      Real Daleks don't climb stairs - they level the building.
    7. Re:E-Darwin by pandrijeczko · · Score: 4, Interesting

      > This can only happen on a poorly-configured windows system.

      I accept that but would argue that a Windows system comes "out of the box" poorly configured for security.

      Also, take a script on UNIX/Linux and its permissions are determined purely by the user who ran it, hopefully not root - therefore its effect on the system must be limited.

      On Windows, you can disable ActiveX and VB scripts from running, for example, but I do not know of a way of running them safely with limited permissions. (I possibly bow to your greater knowledge of Windows security here.)

      Finally, I'd ask you to consider Windows users' general mentality anyway. Most home user types are going to be running their systems at home with Administrator accounts or with themselves set as Administrators for everything they do. On the other hand, UNIX people do what they can at their own user levels while only resorting to root to do what they need to at that time.

      All of these facts illustrate how a virus/trojan program has more (potentially) devastating effects on a Windows system than a UNIX one.

      --
      Gentoo Linux - another day, another USE flag.
    8. Re:E-Darwin by Sepper · · Score: 4, Interesting

      > This is blatant FUD.

      It is, but there is an ounce of truth in it. The default behavior.

      By default, Windows XP Home runs me as admin, and I had to remove permissions for it to be secure...

      By default, Mandrake runs me as user. I had to learn to change to root.

      But I think the best behavior is with OS X (which I don't own). It prompts you with a password window each time you need admin access. To me that says: 'STOP! Think about what you are doing! Are you sure you know what you are doing?'

      Kinda like the way my sister caught Sircam.exe, but when the thing popped up in ZoneAlarm, she had the reflex to click 'No': "I don't know this application, and everything seems to work OK without it, so there...". She was infested all right, but it didn't spread... (and didn't clog her dial-up line). And yes, I did have the "AAAHH! VIRUS!" reaction when I saw the same pop-up on her computer... Now she googles for the file when she doesn't know... I'm so proud of my sister, growing up before my very eyes *snif*

      Education can go a long way, but if people can't know they have problems, we can't help them... Default installs would go even further... It would force people to think...

      Windows isn't the problem, Ignorance is the problem. Education is the solution.

      --
      I live in Soviet Canuckistan you insensitive clod!
    9. Re:E-Darwin by Sloppy · · Score: 3, Interesting

      > See the recent Mozilla shell exploits.

      > ...which were on the Windows version of Mozilla only. Yes, it was a Mozilla problem but the architecture of Windows allowed the hole to be exploited.

      Don't kid yourself. This was very much an error in the Mozilla team's way of thinking. The insecure interface that Windows had, never should have been exposed to the Internet. Normally, it wouldn't be exposed. That Mozilla exposed this interface, shows, IMHO, some carelessness and low standards of paranoia, on their part.

      Linux also has APIs for use by local users, that probably should not be callable by just anyone on the internet. The recent exploit on Windows Mozilla has reduced my confidence that Linux Mozilla is not exposing internal APIs.

      Mozilla is a big complex app, and I'm not sure I trust it anymore. (I sure as hell haven't audited it. Have you?) I'm starting to think I need to either stop using it, or somehow sandbox it.

      --
      As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  3. No danger yet. by vi+(editor) · · Score: 5, Insightful

    To spread, viruses need a sufficiently high density of potential victims. So your PocketPC is safe. The story is completely different if someone gets this done on cell phones.

  4. Can it really spread? by yohanes · · Score: 5, Interesting

    Unless there is a flaw in the implementation of the phone, can this kind of virus really spread?

  5. It *asks* if it can spread? by Ieshan · · Score: 4, Funny

    Proof of Concept Amish Virus!

    You have been infected. This virus works on the honor system. Please delete all files on your computer. Thank you.

  6. How many times? by Anonymous Coward · · Score: 5, Insightful

    How many times does it need to be said that the plural of "virus" is "viruses", not "virii"??

    1. Re:How many times? by Anonymous Coward · · Score: 3, Funny

      manyii.

    2. Re:How many times? by Anonymous Coward · · Score: 4, Informative

      How many times does it need to be said that no one really cares?

  7. This is news? by tobechar · · Score: 4, Insightful

    I mean, c'mon people, the pocket pc is running windows. This virus isn't exactly revolutionary.

    At least now I can justify the Zaurus over the 'other guys'!

    --
    -
  8. Yet another reason to run Linux on your PDA by jerith · · Score: 4, Insightful

    We've come to expect decent security on desktops and servers, why not PDAs as well? At least it may make manufacturers think twice before jumping on the MS bandwagon.

  9. Famous last words by visgoth · · Score: 5, Insightful

    "We don't expect a major outbreak," said Eugene Kaspersky, head of anti-virus Research at Kaspersky Labs. "Duts is unable to spread independently, only infects a limited number of files, and signals its presence in the system when attempting to propagate."

    Duts may not be able to spread, but take out the bits that make it "benign" and you've got the makings of a real annoyance. Even if the source for this particular virus is kept safely out of the hands of malicious individuals, the fact that it's now been proven do-able means others will try.

    --
    My patience is infinite, my time is not.
  10. Like the typical outlook virus by Gopal.V · · Score: 3, Interesting

    Outlook Express: "do you want to open this file?"
    Joe Blow: "Yes"
    ** pc crashes ...
    Ok, so how's this virus different?
    Anyway Pocket PC viruses are going to be rarer than one for Macs ...

    Reminds me of Donut, the .NET virus ... but there hasn't been a real one in the wild yet?

    bash$ alias kill='chmod -R 0666 /'

  11. Trustworthy computing...a myth? by bogaboga · · Score: 3, Insightful

    What happened to the Trustworthy Computing paradigm? I guess if you now mention that to [Sir] Bill G., you might not get all that much! On the other hand, I ask myself why these coders (or virus authors) do not direct their energy to coding for OSS. So many projects need a hand. My help goes in submitting bug reports and cash whenever possible. [But] I could be wrong here, maybe some already do something for OSS.

  12. Bluetooth viruses... by Audigy · · Score: 5, Insightful

    It would be interesting if the affected Bluetooth-enabled Nokia phones mentioned in a previous article a few weeks ago were somehow able to transfer their goods to PocketPCs ...come on now, how many people do YOU know with a Bluetooth-enabled PocketPC, who leave Bluetooth discovery on? (I have an iPaq 2215, but Bluetooth is off to save battery life)

    This is a neat proof-of-concept, but I think these virus creators should go back to hacking cell phones if they want to make waves. :)

    --
    [an error occured while processing this directive]
  13. No Worries... by wbav · · Score: 3, Funny

    if you have an ipaq 1940/45. It seems if something writes to the "filestore" the rom becomes corrupt and it has to be sent back to hp. As my main memory is basically full, I'll know when a virus hits; my ipaq's rom will need to be reflashed.

    --

    =================
    Unix is very user friendly, it's just picky about who its friends are.
  14. What this really proves... by agraupe · · Score: 3, Insightful

    This proves that every networked computer device can be infected with a virus. This makes it stupid and illogical to assume that there will be no security holes on any given OS. What matters is how severe those security holes are, and how quickly they are patched. It is in that area that linux is firmly ahead of Microsoft (and perhaps OS X, I'm not sure).

  15. Pocket PC issues by Dan+East · · Score: 3, Interesting

    Creating a Pocket PC virus is a trivial matter. It uses the PE format, so I'm sure it would be very simple to adapt virii to infect Windows CE files - basically just a recompile of the virus source to XScale / ARM (assuming it is not in x86 ASM).

    Windows CE is actually more secure than Windows XP because the majority of the OS is in ROM. Those files are protected at the file system level - it is not even possible to read or copy the files, let alone modify them.

    After an infection one could always do a hard reset to quickly have a clean device that is at least usable.

    Also, the amount of damage that could be inflicted would be moderate because most PDAs are synchronized with a host PC. So the information on the PDA is essentially backed up multiple times a day.

    The real concern would be a virus that could propagate over multiple platforms running different processors. This is one reason to be afraid of .NET / C# bytecode.

    Dan East

    --
    Better known as 318230.
  16. Oh great... by Steve+Cox · · Score: 3, Funny

    If memory space for running programs on my PDA was not limited enough. Now I'll have to waste more of it running a virus checker.

    Steve.

  17. Mr Billy G is NOT a Sir by NeonSpirit · · Score: 3, Informative

    I know it's being pedantic, but Bill G has an honorary knighthood. Only citizens of countries which recognise the Queen as head of state can have full or substantive awards.

    The rules are explained a little better here

    --
    I will not be pushed, filed, stamped, indexed, briefed, debriefed or numbered.....my life is my own.
  18. Amish computer ?? by Fred_A · · Score: 3, Funny

    Shouldn't that be "please shred all files in your desk drawer" ?

    --

    May contain traces of nut.
    Made from the freshest electrons.
  19. Re:Pocket PC issues (ROM isn't magic) by jetmarc · · Score: 4, Interesting

    > Windows CE is actually more secure than Windows XP because the majority of the OS
    > is in ROM. Those files are protected at the file system level - it is not even
    > possible to read or copy the files, let along modify them.

    Keeping files in ROM does not inherently constitute a better virus protection.
    Of course, altering a ROM file is (usually) impossible. However, any complex
    operating system has a lot of options for RAM or FLASH based files to "hook-in",
    and RAM and FLASH are certainly not impossible to alter.

    A virus that hooks into the startup sequence of a pocket device is as effective
    as a hypothetical one that managed to alter the ROM of that device. Sure, a
    ROM device might have a "wipe-all" reset button that gets rid of the virus,
    but it would get rid of all personalization data as well - files, installed
    software, addresses etc.

    So, how does that make the ROM device less vulnerable to virus attacks? It
    can't be rendered completely unusable. Ok. But all the other threats continue
    to exist. You can lose your data, you can spread the virus to other devices,
    you could even sync a multiplatform virus to your desktop PC, etc.

    Marc

  20. Do not use virii by robnauta · · Score: 3, Informative

    The word 'virii' never existed in Latin. The plural for 'virus' can be 'viri', but since the plural of 'vir' is also 'viri' even the old Romans avoided 'viri' as plural for 'virus'. Ending a word with 'ii' is not Latin, it's not common in any language. It's as obnoxious as writing Micro$oft.