Slashdot Mirror


Proof of Concept PocketPC Virus Created

SpooForBrains writes "The Register has reported that "Ratter" of the virus writing group 29A has created the world's first PocketPC virus as a proof of concept. This one has no payload and is polite enough to ask if it can spread, so the dangers are minimal, but it occurs that the possibility of PocketPC and Symbian virii suddenly makes the concept of bluejacking somewhat more sinister."

8 of 152 comments

  1. Reminds me of that Windows virus... by nmoog · · Score: 5, Funny

    Do you accept the Microsoft EULA?

  2. E-Darwin by Cavio · · Score: 5, Insightful

    Just like biological ecosystems, our information infrastructure has niches, and viral "life" will thrive in any niche it can find for itself. Same with spammers, they are exploiting a niche which exists to make money. Virus writers are exploiting computing niches which allow for this kind of attack.

    It is inevitable that any networked system will suffer from these attacks. See the recent Mozilla shell exploits. We have Linux security issues, and as the OS gains popularity, we will start to see virii for it. It will happen.

    We have basically created electronic primordial soup. Three cheers for compu-evolution!

    --

    Please bid on this Karmann Ghia! Please pleas

    1. Re:E-Darwin by pandrijeczko · · Score: 5, Insightful
      See the recent Mozilla shell exploits.

      ...which were on the Windows version of Mozilla only. Yes, it was a Mozilla problem but the architecture of Windows allowed the hole to be exploited.

      We have Linux security issues, and as the OS gains popularity, we will start to see virii for it. It will happen.

      Yes, we have Linux security issues, no denying that because Linux is software and software is insecure.

      No, we will definitely not see widespread Linux viruses. Here are the reasons:

      1. Viruses attack very specific security holes in very specific product versions. The fact that 90% of Internet PC users run Windows, IE & Outlook (Express) creates a perfect community for viruses to spread. In Linux, certain applications (like, say, Mozilla) are very common but spread those over the myriads of different distro versions and the number of common platforms (down to specific library & application version levels) decreases dramatically very quickly.

      2. Windows is built with a major security flaw inasmuch as certain core system applications always have full access to the system. Therefore, if a virus attacks via an application, it can get system-wide permissions. On a poorly administered Linux system, this can also happen but the tendency now is to run applications at a user account level, rather than at root level. Most users are also educated enough not to run constantly as root. Therefore, assuming that you are running a common application version (in 1. above), the effect will be limited by permissions if everything is running as a normal user account.

      3. Linux is so customisable that it is relatively straightforward to create a very tightly secure distribution "out of the box". There is in-built kernel-based firewalling, for example, and unneeded services are left turned off very easily.

      4. The average Linux user is far more Internet-savvy than the average Windows user - and that's not, in any way, devaluing some of the very knowledgeable Windows people that I do work with, for example - but average Joe Bloke at home runs Windows & only tries Linux when he starts to feel like he knows a little more about how PCs and networks actually work.

      To put things in perspective a little, UNIX-type systems are susceptible to directed buffer-overflow type attacks where the intruder has done some homework, scanned a particular server, worked out what daemons it runs and then what versions of daemons he/she can attack. That's why good UNIX sysadmining is knowing what daemons to run and keeping them patched to the latest versions.

      But please be under no illusions - the architecture of Linux is simply not designed to allow transmission of viruses. The only time this could ever happen is if a high proportion of Linux users ran the same distro version and very common applications.

      --
      Gentoo Linux - another day, another USE flag.
  3. No danger yet. by vi+(editor) · · Score: 5, Insightful

    To spread, viruses need a sufficiently high density of potential victims. So your PocketPC is safe. The story is completely different if someone gets this done on cell phones.

  4. Can it really spread? by yohanes · · Score: 5, Interesting

    Unless there is a flaw in the implementation of the phone, can this kind of virus really spread?

  5. How many times? by Anonymous Coward · · Score: 5, Insightful

    How many times does it need to be said that the plural of "virus" is "viruses", not "virii"??

  6. Famous last words by visgoth · · Score: 5, Insightful
    "We don't expect a major outbreak," said Eugene Kaspersky, head of anti-virus Research at Kaspersky Labs. "Duts is unable to spread independently, only infects a limited number of files, and signals its presence in the system when attempting to propagate."

    Duts may not be able to spread, but take out the bits that make it "benign" and you've got the makings of a real annoyance. Even if the source for this particular virus is kept safely out of the hands of malicious individuals, the fact that it's now been proven doable means others will try.

    --
    My patience is infinite, my time is not.
  7. Bluetooth viruses... by Audigy · · Score: 5, Insightful

    It would be interesting if the affected Bluetooth-enabled Nokia phones mentioned in a previous article a few weeks ago were somehow able to transfer their goods to PocketPCs...

    ...come on now, how many people do YOU know with a Bluetooth-enabled PocketPC, who leave Bluetooth discovery on? (I have an iPaq 2215, but Bluetooth is off to save battery life)

    This is a neat proof-of-concept, but I think these virus creators should go back to hacking cell phones if they want to make waves. :)
