A Proof-of-Concept Virus for iPods Running Linux

An anonymous reader writes "Although antivirus companies will probably create a hype saying that iPods are prone to infections, a virus called 'Podloso' is a newly found virus that is just a proof of concept code that can infect iPods running Linux. Once launched, the virus scans the device's hard disk and infects all executable .elf format files. Any attempt to launch these files will cause the virus to display a message on the screen which says, 'You are infected with Oslo the first iPodLinux Virus.'"

Hear that?

[despik]

It's the sound of all the real virus authors collectively spinning in their coffins/cells/cubicles.

Re:Hear that?

Let's see... To infect your ipod with this virus, you first you have to install Linux. Then you have to install the virus. Then you have to run the virus.

Oo. I'm scared.

Now, if you really want to cause panic and terror among ipod users, come up with something that will either replace the DRM on unprotected tracks after they start selling them or something that recodes all your tunes into WMA format.

Re:Hear that?

[tomhudson]

You forgot - "then ou have to save the virus to the ipod"

The article goes on to say it can't propagate itself ... all it can do is corrupt files. That's not a virus.

Re:Hear that?

This is a viral comment, which propagates by asking nicely. Please repost this comment in other discussions.

Re:Hear that?

[Technician]

It's the sound of all the real virus authors collectively spinning in their coffins/cells/cubicles.

Actualy it's them all rolling on the floor laughing. The article states it only infects iPods which are running Linux. This has a chance of rampaging through the monoculture of Linux iPods at the same rate as a virus which only runs on an Altair S100 bus based machine. Getting from machine to machine to machine is a problem due to lack of connectivity and the very low chance a machine finding another to infect.

I personaly have seen more Zunes than I have seen iPods with Linux. A Zune has more connectivity device to device. This is a non-issue.

Re:Hear that?

[tverbeek]

Viruses based on this technology are clearly poised to wipe out our consumer electronics monoculture. iPods running Linux are virtually everwhere, so if this pathogen escapes into the wild, all that will be left unscathed are the TiVos running Mac OS and the Xboxen running Windows!

Re:Hear that?

[mjpaci]

George Ou? He couldn't save himself out of a paper bag. (Whatever that means)

Re:Hear that?

[cyrtainne]

I am curious if the author of the article is also the one responsible for creating the virus. They speak of it in such a positive tone. I also noted 'anonymous' as the author. Just an odd article. Sounds like the problem is real 'isolated' to me! ha ha.

Re:Hear that?

[David+Nabbit]

It's like Y2K all over again!!

I know! I know!

[that+this+is+not+und]

Next, I will write a 'virus' that attacks Macintosh SE/30's running NetBSD!

...another "social engineering" virus

[hcmtnbiker]

FTA: Podloso cannot be launched automatically without user involvement.

I always find it amusing when a virus that requires the user to activate it is considered news. By definition it's more social engineering then a vulnerability. If people weren't so stupid I assume nearly 100% of all computer virus' wouldn't exist, or wouldn't be a problem.

Re:...another "social engineering" virus

[Tim+C]

The vast majority of viruses require user intervention to run and infect a machine, and aren't considered news (or at least, not individually). I assume that this one is because it's the first for this particular platform.

Re:...another "social engineering" virus

[b1ufox]

I always find it amusing when a virus that requires the user to activate it is considered news. By definition it's more social engineering then a vulnerability

Right.But most of the viruses(in reference to Windows), infected EXEs can harm your PC only if you execute them.Isn't this a kind of user involvement? Ironically if you don't run some XYZ untrusted EXE, you don't mess it up..simple. If you run it, thinking your AntiVirus will save you all the times, then sorry you are in soup.Not always you 'll be saved.Rather i should also add, not all AntiVirus will save you.I used to run WinXP without any AntiVirus installed and still managed to keep my PC safe from my viruses.

~psr

Re:...another "social engineering" virus

[LordLucless]

The vast majority of viruses require user intervention to run and infect a machine, and aren't considered news (or at least, not individually).

The most damaging (and thus, most reported) viruses don't. I believe the NetBlaster and RedAlert were actual viruses, and spread by vulnerabilities in services enabled by default on standard windows builds.

Re:...another "social engineering" virus

It depends on what you call "user intervention". If by "user intervention" you mean "turning a machine on" or "viewing a webpage" or "reading an email", then, yes, most successful viruses need "user intervention". I wouldn't however call it that way myself...

Re:...another "social engineering" virus

[Paulrothrock]

I always find it amusing when a virus that requires the user to activate it is considered news.

By that definition, rm -rf / would be considered a virus.

Re:...another "social engineering" virus

[H3g3m0n]

Technically these are considered worms, as they actively self propagate, they seek out vulnerabilities in other systems and infect them. Viruses on the other hand attach to similar files and require the user to transfer the file and execute it on another system having a passive attack vector. I'm not sure i would count the iPod Linux virus as a virus as it would have to be able to infect other iPods somehow, if it can't infect other iPods then its really just malicious code. Granted you can take the binary files from one iPod and put it on another but thats not likely to happen meaning it has basically no self propagation.

Re:...another "social engineering" virus

[brunascle]

agreed.

i dont even think we should use the word "virus" for something like that. after all, a real-life biological virus spreads itself and generally starts reaking havoc without the host having to do anything after contracting it.

this would be more like a "poisoning", like if you poured poison into someone's coffee.

Re:...another "social engineering" virus

[Lavene]

By that definition, rm -rf / would be considered a virus.

Oh but it is! It's inherited by the 'stupidity' virus...

Re:...another "social engineering" virus

[rucs_hack]

It's not a virus.

If it were capable of self propagating it would fit the usual meaning of computer virus. As it is it's only able to run with the help of a user, and they also have to copy it onto ipodlinux. Well, the same is true for all podzilla plugins.

Given that anyone likely to use ipodlinux is also likely to be savvy enough to think about what they are doing, this is a pretty pointless piece of code.

Perhaps 'malware plugin'?

Re:...another "social engineering" virus

I always find it amusing when a virus that requires the user to activate it is considered news.

I always find it amusing when a virus that requires the luser to activate it is considered a virus! By its very definition, a virus is self-replicating. If it needs luser intervention to replicate, it's a trojan. Blame Symantic and McAfee and the other shoddy AV writers for muddying up the waters. Can you trust a security company that doesn't know the difference between a virus, a worm, and a trojan?

Calling a trojan a "virus" is like saying "BSD is easily hacked; all you need is the root password".

-mcgrew

Re:...another "social engineering" virus

[sootman]

But it shouldn't be news. Anything that can run code, can run malicious code. It's only worth mentioning if there's a chance that a user will a) obtain and b) run the code without knowing it's malicious. If the virus were hidden in a song and could be executed just by being played, that would be news.

Oh, and look: it was discovered by a company that makes antivirus software. Wow, what are the odds that an antivirus company would be the first to discover and publicize a virus that runs on what might be called the least-adopted platform ever in history? I'd bet my next paycheck that somewhere there's a connection between an employee of that company and the author of this "virus"--and not just a six-degrees kind of link, I mean a real, substantial link.

Antivirus exec: "Well, in six years, we haven't been able to convince anyone that OS X is insecure. Despite our efforts, there hasn't been a single in-the-wild, self-replicating virus for that platform. What should we try next?"
Underling: "Maybe try spreading FUD about iPods?"
Antivirus exec: "Brilliant!"

Re:...another "social engineering" virus

[mdozturk]

there are some emails going around that take you to a website with nude pictures of britney spears. Go to that website and just let your pc download the pictures on the site. Let me know how that goes. Remember don't double click on any exe files.

You also might want to read this site: http://www.microsoft.com/technet/security/advisory /935423.mspx

Re:...another "social engineering" virus

Well a proof of concept virus for Linux is nothing new.

Example:

#!/bin/bash
cd /
rm -rf ./*

All you have to do is change the execute permissions to chmod a+x (as superuser), then manually execute it yourself. You just deleted everything from all of your hard drives (bad bad virus). Mind you, you had to type it in yourself, set the execute permissions yourself, and start it running by yourself, but once going, man is it ever bad! It can spread by posting it onto slashdot and having others read it and try it. So kaspersky folk, give it a try and after re-installing your Linux systems, reply as to how it worked!
Thanks!

Re:...another "social engineering" virus

You have mispelt your name, LordClueLess! Google is your friend, so do yourself a favor and distinguish between a "virus" and a "worm".

Re:...another "social engineering" virus

When I read this comment to myself, I heard the voice of the Comic Book Guy on the Simpsons...

Re:...another "social engineering" virus

[Fordiman]

"Technically these are considered worms, as they actively self propagate"

http://service1.symantec.com/SUPPORT/nav.nsf/aab56 492973adccd8825694500552355/024c927836400f52882567 5100593eb2?OpenDocument

Learn before you speak, thanks.

Re:...another "social engineering" virus

Check links before you speak, thanks.

Re:...another "social engineering" virus

[porl]

actually, it won't *quite* work as well as 'rm -rf /', as 'rm -rf ./*' will not delete anything starting with a period (.) (and i think any other non-alphanumeric characters). i think this is due to it being more like regular expressions rather than a 'wildcard' like in windows, but i may be wrong. it would need to be accompanied by 'rm -rf ./.*' or 'rm -rf .*' to get the files and directories starting with a period.

Re:...another "social engineering" virus

[cpscotti]

Now you sounded just like Full Metal Jacket's General Heartman saying to Gomer Pyle that if people locked their things properly, thievery wouldn't exist, not in this world!!! LOL!

Re:...another "social engineering" virus

[poopdeville]

rm -rf / will definitely delete "hidden" files. The 'r' switch means "recursively delete everything in the target directory".

Globbing has nothing to do with it.

Re:...another "social engineering" virus

[jedidiah]

This counterargument depends entirely of the more-stupid-than-the-industry-norm security practices of Microsoft. If they weren't intent on creating entirely new forms of virus that were considered absurd notions in the past (like email viruses), something like this would not even be barely interesting.

Oh look, some weenie re-invented the link virus.

Big fat hair deal.

Re:...another "social engineering" virus

[pionzypher]

Wow, what are the odds that an antivirus company would be the first to discover and publicize a virus that runs on what might be called the least-adopted platform ever in history?
 
  Odds are pretty good.... that's their job. One would assume they spend all day lurking forums and irc channels, scouring search engines and various security related websites to find as many as they can. Ten to one some kiddie posted his 133t pr0ggie one some BB and it got picked up.
 
  If you're going to make wild, baseless claims then at least try to keep the story realistic. Some tin foil conspiracy theory of how all the antivirus companies are writing/hiring/connected to the people writing viruses is plain silly.

Re:...another "social engineering" virus

[ummit]

Here's the worst part: it's fucking working.
Multiple headlines under Sci/Tech on Google News just now:

• First iPod Virus Detected
• Lab claims first "proof of concept" iPod virus
• Kaspersky discovers an iVirus

This isn't just disgusting, it's disgusting on disgustingly many different levels at once...

Re:...another "social engineering" virus

[porl]

that's what i was saying. it was 'rm -rf ./*' that doesnt seem to work so well.

Re:...another "social engineering" virus

[poopdeville]

Interesting. I thought rm -rf ./* would still hit ./, from which point on the -r switch would work as described. I just tested it, though, and you were right.

Depends on antivirus company

[Ilgaz]

""Although antivirus companies will probably create a hype saying that iPods are prone to infections"

Well, (Eugene) Kaspersky says at viruslist.com blog (http://www.viruslist.com/en/weblog?weblogid=20818 7356):

"Overall, I don't think iViruses will cause serious problems in the future. The iPod world is very different from the PC and smartphone world. Users aren't constantly installing new software and downloading a wide range of files, so that cuts down on the possible infection vectors. And what's there to steal from an iPod? Multimedia files, and that's about all.

So - it was an interesting little puzzle, this proof of concept, but nothing more."

Re:Depends on antivirus company

That's pretty short-sighted. I already use my iPod as a portable HD and I suspect that as the flash sizes get larger, others will too. Why should I carry a USB stick if I already have my iPod? So, "What's there to steal?" Could be a lot.

Re:Depends on antivirus company

[necro81]

There can be more information to steal on an iPod than just multimedia. iPods have, for quite a while, been able to store contacts, notes, and calendars, typical PIM stuff. There might be something of value in those. On the other hand, if one were to craft a virus for the new iPhone, there definitely could be some malicious value in that, because it stores more information, accesses email and the internet, and is continuously connected to the outside world. On the other hand, the iPhone is a totally different beast than the iPod (and Linux-on-iPod), and will undoubtedly be a much tougher nut to crack.

Legality?

What are the licensing terms associated with this virus? GPL? BSD?

Re:Legality?

[Ilgaz]

I bet RMS will go mad since it isn't called GNU-Podloso

Re:Legality?

You are free to copy and share

Re:Legality?

[MadMidnightBomber]

"This virus is trying to attach itself to other files on your hard disk. Before it can do this, you will need to agree to the terms of the GPL. Ok or Cancel?"

Re:Legality?

[kimvette]

Oh come on, how was that flamebait? I think it's rather funny.

Re:Legality?

[Tony+Hoyle]

..and does a GPL virus that attaches itself to something automatically GPL the thing that it's attached to?

Re:Legality?

[cp.tar]

Oh, great.

Now try explaining that the GPL isn't viral...

Sheesh.

Re:Legality?

[Virgil+Tibbs]

Do you have to compile it or do the binaries come too?

Non-story

[nevali]

This is possibly the biggest waste of a story Slashdot's had in a while.

Not only does it only 'infect' iPods running Linux, but it's not even able to replicate. To call it a virus is stretching the truth, to say the least; it's just a program that trashes your binaries.

Re:Non-story

[AxminsterLeuven]

How would it replicate? One iPod 'squirting' it at another iPod? That sounds more like a Zune-disease... Still, I keep my iPod in its woolly iSock, so it won't catch a cold.

Re:Non-story

[nevali]

Well, that's part of the point: the potential for an attack vector on something like an iPod is pretty minimal.

Re:Non-story

[Curmudgeonlyoldbloke]

It's an "honour system virus" - in the same way that sending a user a program that deletes all their files and telling them to run it is.

Re:Non-story

[timmyf2371]

But isn't this what viruses (virii?) were like back in the day, before the days of the internet and widespread connectivity? The first viruses were more interested in deleting files and executables and could only be spread by floppy disks.

Sure, compared to modern-day viruses, which have (d)evolved into almost worm-like behavious, emailing all and sundry in an address book and generally causing mayhem, it's just a tad boring, but I would say it could definitely be classed as a virus - in the same way a Lada could be classed as a car.

Re:Non-story

[nevali]

Yes, this is certainly true. I recall colleges getting widespread infections of viruses thanks to students running infected programs from floppies, which then remained in memory and infected any programs on any disks that were later inserted until the machine was rebooted (or until it was cleaned, if it had a hard disk).

The thing is, though, that's not how software gets distributed any more: the way things work in the iPodLinux world means that it's a lot harder for you to get infected in the first place, and once you have been there's no way for the infection to spread: the whole setup makes virus writing utterly pointless, not to mention very difficult.

Re:Non-story

[eli+pabst]

Not only does it only 'infect' iPods running Linux, but it's not even able to replicate. To call it a virus is stretching the truth, to say the least; it's just a program that trashes your binaries.

By definition that's what a virus is. The fact that it appends copies of itself to elf files *is* replication. If it had the ability to self propagate then it would be a worm. Viruses are by definition file infectors.

The only reason it's news is because this virus infects ipods. Anytime you have a new virus that is the first to infect a given OS/device it makes headlines, like the first cellphone virus, bluetooth virus, etc. There has and always will be a segment of the virus-writing community who are more interested in being the first to do something rather than to cause significant damage.

Re:Non-story

So it works like that amish virus that was going around a bit over the past couple years?
I was really getting annoyed at needing to rebuild my sandbox after every page that had that on there.

Thank Goodness

[Spackler]

"You are infected with Oslo the first iPodLinux Virus."

I would like to thank the developers of this virus. For too long, I have been enjoying hacking my iPod. It is good that someone is out there attempting to stop that by ruining my property.

Really, now on to the real discussion. Can someone explain the motivation? I actually do not understand why someone would waste their time to write a virus. The only type I do understand is the bot net stuff, and that is motivated by money. Heck, if I can take over 5000 computers and sell the work they can do in mass spam or something, at least the writer is attempting to make money. Why write something like this though? If they spent the same time writing real code, they would make money. If they did it for a different organization, they could help the Red Cross with their IT stuff, or a hospital. Why the fsck do this crap?

Malcontent? Antisocial? What the heck drives these people?

Re:Thank Goodness

[operato]

for the fun of it and because they can. that's what happens when you give people choice. surely the matrix taught you that.

Re:Thank Goodness

[J0nne]

It's for the same reason people install Linux on their iPods in the first place: because they can.

Re:Thank Goodness

[someone1234]

Creating pseudo-life? Hell, 20 years ago i was very happy when my exe header virus first infected one of my files :) It was definitely more satisfying than hacking away on some j2ee shit.

Re:Thank Goodness

[CDarklock]

I used to run a moderately sized VX (virus exchange) board. There are three main reasons people write viruses.

1. Because they're fascinating. It was interesting to see what kind of things you could make a virus do. For people like this - which included me - the game was to write a virus that more effectively reproduced, evolved, and evaded detection in a smaller space. You can spot viruses written for this reason because THERE IS NO PAYLOAD. It doesn't break anything. It's an academic exercise. We DON'T CARE what it does. That's not the point.

2. Because they want money. This was a tiny little minority on my board, and to my knowledge none of them ever actually implemented anything; we just talked about "what if" scenarios. At the time, since the internet was not really a big thing for most people, there was very little a virus could do to deliver information elsewhere. Today, the world has changed, and everything is networked. We can talk to anyone anywhere at any time. And that means this group has simply exploded out of the criminal underworld.

3. Revenge/status. The vast majority of people on my board were people who wanted to give a virus to their ex-wife or to some guy in school who was mean yesterday. They think that if they give someone a virus it will "show them who's boss" or "everyone will think I'm so cool". This is childish and stupid.

The author of this virus is probably in the latter group.

Re:Thank Goodness

[j00r0m4nc3r]

Can someone explain the motivation?

I'm guessing there are a couple of 12-year-old Norweigan kids who are jerking each other off right about now, from seeing their dipshit virus make Slashdot.

Re:Thank Goodness

[asylumx]

It was definitely more satisfying than hacking away on some j2ee shit.

Amen, brotha.

Re:Thank Goodness

[funaho]

You were using J2EE in 1987?

Re:Thank Goodness

It's for the same reason people install Linux on their iPods in the first place: because they can.

Or because people want to use free software on their music players.

Re:Thank Goodness

Or because people want to use free software on their music players.

You can listen to free music even without free software.

Re:Thank Goodness

[someone1234]

Unlikely. I'm forced to do now, though. But you should be intelligent enough to figure out what happened in the past and what happens in the present.

Re:Thank Goodness

[jZnat]

J2EE existed in 1987? Hmm...

Re:Thank Goodness

[jedidiah]

I'm sorry. You have failed the Turing Test.

Please turn yourself into the nearest Blade Runner.

Re:Thank Goodness

[funaho]

It was a joke. Sheesh. I'm not an idiot you know.

Re:Thank Goodness

Yeh. Virus prone free software is real cool.

Re:Thank Goodness

[someone1234]

Yup, and it was friday in the j2ee pit :)

Application

Its a program you have to install, and it does no damage.. thats called an application surely..

Apple restore to the save...

[ranga_the_don]

Podloso has no malicious payload, and does not present a real threat; it simply demonstrates that it is, theoretically possible to create malicious programs for such devices.

Does not matter even if it presents any threat, there's always apple restore to the save... It is not possible to make an iPod useless just by altering software on it... It's funny to think what would be the threat even if my ipod running ipodLinux was affected by some virus, would it play my songs in reverse for me by chance ;) making them sound alien :) - Yes, but does it run Lunix?

Next gen Virus

[ValiSystem]

Hey, i made a multi platform virus that can infect almost any existing computer. And it's easy to spread : just compile following code : #include "stdio.h" int main (void) { printf("YOU ARE INFECTED BY ULTRAdOOM NExT gen, F3AR THE L0RD !!\n"); exit 0; } Launch and here you are ! (yes, i know, i should have posted that on my blog and write a story for Slashdot)

Re:Next gen Virus

[harry666t]

No, no, no! Wrong! That should go

#include
using namespace std;
int main (int argc, char* argv[]) {
    cout "YOU ARE INFECTED BY ULTRAdOOM NExT gen, F3AR THE L0RD !!" endl;
    exit 0;
}

In what times do ya live? C++ was yesterday, C is almost ancient! How can you call this fossil "next-gen"!?

Re:Next gen Virus

[cculianu]

Um, most software is written in C++. And a lot of other code out there is in C. The Linux kernel being one of them.

No, C is not ancient, and C++ is very much alive. In fact, it might be one of the most popular languages on the planet.

Re:Next gen Virus

[plasmoidia]

Hey, i made a multi platform virus that can infect almost any existing computer. And it's easy to spread : just compile following code :

#include "stdio.h"
int main (void) {
printf("YOU ARE INFECTED BY ULTRAdOOM NExT gen, F3AR THE L0RD !!\n");
exit 0;
}

Launch and here you are ! (yes, i know, i should have posted that on my blog and write a story for Slashdot) Hmmm, I don't think it will spread too easily by the means you mention. That code won't compile ;-).

Re:Next gen Virus

C++ is very much alive. In fact, it might be one of the most popular languages on the planet. Eat shit, 40 billion flies can't be wrong!

C++ is a terrible, terrible language. It's a terrible OO language, and a clunkier C, and as a metaprogramming language, it is godawful - every metaprogram a twisty maze of idiosyncrasy. Give me Common Lisp any day.

Re:Next gen Virus

[Tony+Hoyle]

It will on a lot of compilers... checking argc,argv for main is a later addition. It's wrong, but it'll often compile.

There are still books out there that write main(void) and main() - only crappy ones though.

A bigger problem is the #include, which will look in the current directory rather than the system directory. Should be using %ltstdio.h%gt not "stdio.h"

Oh and exit should be return, but I guess that's just a typo.

(the c++ version used that spawn of the devil statement 'using namespace std;'.. ffs don't they teach the harmful effects of namespace pollution any more?)

Re:Next gen Virus

[harry666t]

in C++ there is/are:

  - no memory management. forgot to delete? oops, memory leak.
  - no array slices.
  - no hashes (aka dictionaries).
  - pointers, the root of all evil.
  - no array bound checks - easy to step over other vars
  - let alone the ugly syntax
  - I wonder why do I need autotools to make my code portable.
  - and even with autotools I have to pay MUCH more attention to portability issues than in, let's say, python
  - it demands compilation.
  - imagine a smallest possible modification to a smalles possible header file, included by hundreds of *.cpp files in a big project. here you are, waiting 4 hours to see your small change in action.
  - preprocessor is UGLY and BAD. it is another root of all evil:
#define blah (x) x*x
and "blah (12)" evaluates to "(x) x*x (12)".
  - many, many more issues

compare, C:

  #include "stdio.h"
  int main(void) {
    printf("Hello, world!");
  }

Perl, Python:

print "Hello, world!"

more lines of code = more typos and other stupid bugs.

the only reasons people stick to C++ are that:
  - they know it
  - they do not know the alternatives

however, C and C++ are the best choice when you need performance, for example in an OS kernel.

but for everything else, I'd say we need something modern.

Re:Next gen Virus

[Old+Wolf]

in C++ there is/are:
    - no memory management. forgot to delete? oops, memory leak.

Rubbish, C++ has automatic memory management.
It also supports manual menory management in case you want to do that. Now, you chose that you don't want your allocation to be automatically managed. Then you did not delete it. What are you complaining about again?

    - no array slices.
    - no hashes (aka dictionaries).

Rubbish

    - no array bound checks - easy to step over other vars

C++ has checked arrays and unchecked arrays. If you choose to use an unchecked array, you have no right to complain about the lack of checks!

    - I wonder why do I need autotools to make my code portable.

I don't need autotools to make my code portable.

    - imagine a smallest possible modification to a smalles possible header file, included by hundreds of *.cpp files in a big project. here you are, waiting 4 hours to see your small change in action.
    - preprocessor is UGLY and BAD. it is another root of all evil:
#define blah (x) x*x
and "blah (12)" evaluates to "(x) x*x (12)".

A poor workman blames his tools. Would you also criticise a hammer because it is possible to crack your kneecap with it?

the only reasons people stick to C++ are that: - they know it

Perhaps you should learn it before attempting to criticize.

Re:Next gen Virus

[plasmoidia]

Oh and exit should be return, but I guess that's just a typo. Yeah, that was the one to which I was referring. That will break the compile. Computers don't care about typos :-). I didn't catch the quotes rather than angle brackets, but that one might be a problem as well.

(the c++ version used that spawn of the devil statement 'using namespace std;'.. ffs don't they teach the harmful effects of namespace pollution any more?) Heh. Yeah, in the couple of classes that I have had on C++, I think it was mentioned, but not in depth. I mostly write C (embedded code) now, but I will avoid "using namespace std;" when in C++, just out of cleanliness. You rarely need *all* of std...

Re:Next gen Virus

[harry666t]

> Rubbish, C++ has automatic memory management.

Well then, I've made a test...

define "LT" as "less than" mark
define "GT" as "greater than" mark

(for some unknown reason slashdottt is eating LT and GT in my posts)

#include LTiostreamGT
#include LTcstdlibGT
using namespace std;
class foo {
    char bar[8096];
public:
    foo() {}
    ~foo() {}
};
void blah() {
    foo* baz[8096];
    for (int i = 0;i LT 1024;i++)
        baz[i] = new foo();
}
int main() {
    cout LTLT "Allocating some memory...\n\n";
    blah();
    cout LTLT "Is the memory freed at this point?\n";
    getchar();
    cout LTLT "Or at this?\n";
    getchar();
    blah();
    cout LTLT "Or after allocating even more memory?\n";
    getchar();
    for(int i = 0; i LT 32;i++)
        blah();
    cout LTLT "WTF!?\n";
    getchar();
    for(int i = 0; i LT 64;i++)
        blah();
    cout LTLT "STOP ALLOCATING!!!\n";
    getchar();
    for(int i = 0; i LT 128;i++)
        blah();
    cout LTLT "SHIT, I'M OUT OF RAM!!!\n";
    getchar();
}

It ate all my ram and half of swap space. I wouldn't call that "automatically managed memory". I know that there is some way to implement garbage collection, but why should I care about that instead of using a language with real, builtin automatic memory management?

Or maybe just this example is plain wrong.

>> - no array slices.
>> - no hashes (aka dictionaries).
>
>Rubbish

OK, I know that there is a trick with map, but it's ugly. Yet another ugly trick in an ugly language.

Show me an array slice in C++. A for() loop of some kind? Because a[2:14] isn't going to work.

>A poor workman blames his tools. Would you also criticise a hammer
>because it is possible to crack your kneecap with it?

Yes, I would. Our civilization has been using hammers for thousands of years, and nobody has invented a better replacement yet, while there are many languages superior to C++. Shame on us.

BTW, have you ever seen language other than C or C++ with builtin preprocessor features? I haven't, but maybe it's because I didn't learned to program in that era when these languages could be considered "modern".

> Perhaps you should learn it before attempting to criticize.

Okay, then I'll start reading Thinking in C++ all over again for the sixth time. But I doubt that it would make more productive in C++ than I am in Python.

I loved C++ until I realized how many flaws it has. All these things like maps trying to be hashes, etc are like trying to repair a hole with plasticine: here you are, hole fixed, it's ugly, whatever, who cares if it's ugly if it works.

I can read and understand C++, do some basic hacking, but that's all I want from this language. C and C++ were good to write a few operating systems, interpreters, compilers of themselves, etc. But today, they're both a low-level crap not suitable for rapid development of quality software.

But that's just my opinion. If you like writing C++, it is your choice and I won't be trying to stop you.

Re:Next gen Virus

[Old+Wolf]

    foo* baz[8096];
    for (int i = 0;i LT 1024;i++)
            baz[i] = new foo();

It ate all my ram and half of swap space. I wouldn't call that "automatically managed memory".

You are using the syntax for manual memory management. After #including <vector>, change the above to:
    vector<foo> baz(1024);

If you really want that many separate allocations, include <memory> and write:
        auto_ptr<foo> baz[1024];
        for (int i = 0; i != 1024; ++i)
                baz[i].reset( new foo );

If your compiler is from 2005 or newer, then you can retain your original example, but with baz declared as:
    tr1::shared_ptr<foo> baz[1024];


Show me an array slice in C++. A for() loop of some kind? Because a[2:14] isn't going to work.

Most functions that accept arrays, are written to take a start point and an end point (or, a start point and a length). For your example you would tell it to start at offset 2 and end at offset 14.

BTW, have you ever seen language other than C or C++ with builtin preprocessor features?

PHP offers 'include' functionality. You're free to not use the macro replacement features if you don't like them. C and C++ support inline functions so there is really no need to write a function macro; but the syntax is retained for backwards compatibility. (Ever try running a PHP 1.0 program in PHP 5.0?)

Okay, then I'll start reading Thinking in C++ all over again for the sixth time.
But today, they're both a low-level crap not suitable for rapid development of quality software.

Try "Accelerated C++" by Koenig & Moo. They get down to business quickly, writing compact and efficient and powerful code that is quick to develop once you know how.

Most of your criticisms seem to boil down to the syntax being ugly. I agree that it's far from perfect, but I don't think it is a serious impediment to productivity.

This is going to spread like wildfire

[DrXym]

Amongst the 8 people running Linux on their iPods.

Re:This is going to spread like wildfire

Exactly. I mean, isn't this really a "Linux Virus" that only runs on iPods because whatever bits of Linux you could get on an iPod likely has been stripped of any security related bits? Not exactly an "iPod Virus" if iPods aren't sold, nor intended to run Linux to begin with.

Why

[dw604]

User runs program that is installed... how is this news at all?

Parts needed...

[FinchWorld]

iPod - £90 to £250

iPod Linux - Free

Knowledge and desire to install linux on your MP3 Player - Your social life

Having been smart enough to install Linux on your iPod then go out of your way to install a virus - Priceless

For everything else theres run of the mill idiots.

Question

[Rogerborg]

What is the intersection between people who're smart enough to have installed Linux on their iPods, and people stupid enough to run a random executable?

Would anyone in that set like to make themselves known? Anyone? Don't be shy; anyone at all?

Didn't think so.

Re:Question

Me Me Me!!!!!!11

Yes, me, the anonymous coward!!!

Re:Question

[loconet]

Here is a picture of him: Ø

What exactly is the point of this article?

"A Proof-of-Concept Virus for iPods Running Linux"

a) It's not a virus.*
b) It's not iPod-specific, it could run on other Linuces as well.
c) The method isn't Linux-specific, would work on almost any OS.
So what we have here is, a proof of what concept exactly?

* Granted, that on all currently popular OS's any executable you launch can touch all the files you yourself can, is in itself a big WTF. But we know that, so we don't launch untrusted executables.

Re:What exactly is the point of this article?

[nevali]

It might be a big WTF, but what's the alternative? Effectively put everything in its own sandbox? The problem is that your files are created and accessed by the very same programs you want to restrict access: without that access, both the programs and the files are useless. If you get into the explicit-permission game, you end up with something like UAC or Java's sandboxing permissions--neither of which have exactly set the world on fire. Essentially it boils down to this: what good's a text editor that can't edit your files, or a file manager that can't open, rename, move, copy or delete your files? Where's the line between programs which can do things and programs which can't? What determines trusted versus untrusted? Is it digital signatures? If so, who issues them? (And with that we're heading rapidly towards TCPA and friends to ensure the validity of the signatures on all of your binaries, including the kernel and drivers).

Personally, I'd rather have an OS in which programs _I_ run can access _my_ files, whereas programs other people run can't, than have an OS where programs I run have to be whitelisted to function properly and I either get really lax about the whitelisting and allow everything that seems like it /might/ be OK to access my stuff, or spend all my time tuning and verifying the permissions for programs and no time at all actually using the things and getting anything done.

Re:What exactly is the point of this article?

Actually, sandboxing solutions are not half as grim as you suggest. It turns out to be relatively easy to make sure applications get access to the files needed, while still disabling access to all other files. For instance, if you open a document with an application, the application automatically gets access to the document. Et cetera.

The real reason solutions like that aren't common place is inertia. Funny that; almost always when you see something inferior in common use while better alternatives are not developed, or only enjoy marginal adoption, or none at all, the reason turns out the be "inertia". And not just in computer science. Welcome to the world.

Amish Virus

I wondered how long it would take for someone to modify the Amish virus.

Once launched ...

[krkhan]

Here's a much simpler virus which wrecks havoc 'once launched':

echo "You're being infected with the Idiotisco, the second most stupid Linux virus"
rm -rf ~

The Idiotisco virus is a 'proof of concept' that any moron running Linux can set executable bit on a file and run it to damage his system.

Disclaimer: The source code of Idiotisco virus is disclosed only for educational purposes. I will not be held responsible if it makes your system bleed or gets you fired from your job.

Re:Once launched ...

Here's a much simpler virus which wrecks havoc 'once launched':

Perhaps you mean "wreaks havoc"?

Re:Once launched ...

[El_Oscuro]

This also works well on AIX, except you have to change "Linux" to "AIX". For Windows, you need to make a few more changes:

@echo off
echo "You're being infected with the Idiotisco, the second most stupid Windows virus"
rd /s /q %USERPROFILE%\*

Disclaimer: This virus is now available from El_Oscuro but it is only intended to correct the problem that is described in thie the parent post. Apply it only to computers that do not already have this virus. This virus may receive additional testing. Therefore, if you are not severely affected by this virus, El_Oscuro recommends that you wait for the next Windows service pack that contains this virus.

Neither El_Oscuro, inc, nor any of its subsiduraries, assume any responsibilty for any damage to your computer caused by this virus, or the lack thereof.

It's not .elf it's *ELF*

[cculianu]

The file format is called ELF, the executable and linking format. Not .elf. It isn't a file extension. This isn't windows. Bah.

Re:It's not .elf it's *ELF*

[MostAwesomeDude]

As someone who has contributed more than a few patches to iPodLinux, you may be interested in knowing that using Cygwin to generate the userland (used to) create binaries with a .elf extension. The extension isn't needed; it's just the way that the Cygwin toolchain ended up naming them.

Jeez...

[Kawahee]

I hope somebody didn't spend time making this...

I know who did it!

[Rob+T+Firefly]

It infects elf files? This is obviously the work of dwarves.

From the J.R.R. Tolkien department ...

[ScrewMaster]

Once launched, the virus scans the device's hard disk and infects all executable .elf format files.

As an Orc myself, I'd have to say that all Elves are considered executable.

Re:From the J.R.R. Tolkien department ...

[funaho]

Those freakin' elves...they came out of the trees man...they came out of the TREES.

With apologies to Family Guy because I no doubt have butchered the quote a bit. It's still early here. :)

Re:From the J.R.R. Tolkien department ...

Mod parent Troll?

Re:From the J.R.R. Tolkien department ...

[ScrewMaster]

I must need more coffee. I was about to be irritated by your comment ... then I had to laugh.

+2 Funny.

Re:From the J.R.R. Tolkien department ...

No, I call it funny. I got a Giant laugh out of it!

Re:From the J.R.R. Tolkien department ...

Well, at least someone got the joke. The other AC didn't.

Re:From the J.R.R. Tolkien department ...

[ScrewMaster]

I think he did ... "Giant laugh", get it?

Re:From the J.R.R. Tolkien department ...

Ugh.. I guess it's my turn to miss the joke.

*whoosh* Touché.

i know a virus even more powerfull that this one

[seyon]

i know a virus even more powerfull that this one, that infect all Linux Distributions, it's called shred, just try to type shred /* and wait for the result :X

Re:I know! I know!

Next, I will write a 'virus' that attacks Macintosh SE/30's running NetBSD!

Holy sh*t!! Unplug the Mac, unplug the Mac! So much for my security through obscurity!!!

This is pathetic and Apple should sue

Like this is REALLY an iPod virus! Code that the user has to load, running on an unsupported, non-Apple software replacement. Gimme a freaking break. Apple should sue these idiots and make them publish a retraction.

As you have to manually install Linux . . .

[bradavon]

As you have to manually install Linux in the first place I can't see this effecting many people.

Thank you!

[eXFeLoN]

I for one welcome our new virus-laden, portable multimedia playing overlords!

Who runs linux on their Ipod in the first place? I'm not familiar with the OS of the Ipod, are they all Linux based?

Re: License

[MrManny]

Surely it must be creative commons non-commercial no-attribution no-worlddestruction sharealike license.

Just a note ...

[kramulous]

to the clever bastard who wrote this virus and is probably reading about it here. Nice job.

Whatever happened to...

[grnrckt94]

...just creating viruses that actually did something useful, like making money? Why do people feel the need to be so destructive?

Re:Whatever happened to...

[RDW]

How about a Zune virus that strips the DRM from the tracks on the infected machine and 'squirts' itself to all the other Zunes within wireless range? Think about it, if such a virus were released today the number of infections could soar into double figures by the end of the decade!

Re:Whatever happened to...

[The+Ultimate+Fartkno]

I'm pretty sure that's how the whole "Macarena" thing got started.

Re:Whatever happened to...

I think this raises the question of which group has larger numbers. Is it iPods with Linux on them or Zunes?

No so fast, this is a dynamic environment

[Bearhouse]

Don't speak, or quote, too soon. Coupla points. 1. Increasingly, people are using these devices to store more than just mp3s. Pictures & video may not be just stuff ripped off the net - wanna see your family pics, or intimate videos, get posted or otherwise abused? More sensitive still, many people store files, (including dictation) on these devices. My brother in law is a lawyer; I spent a *long* time explaining to him what was so potentially dangerous in what he did with new technology. 2. Remember the infamous Sony rootkit? How long before we have a virus designed to collect DRM info on stuff on our iPods? *Puts tinfoil hat on*

Morris Worm

[cow+ninja]

Wasn't the Morris Worm a proof of concept? I am not saying that this virus will have the same results just that sometimes it is a good idea to remember the past.

http://en.wikipedia.org/wiki/Morris_Worm

Re:Morris Worm

Please read your own fucking link

Re:Morris Worm

Wasn't the Morris Worm a proof of concept? Anything that works as conceptualized is a proof of concept.

Proof-of-Concept ?

[The+Media+Mechanic]

I find it hard to appreciate calling a new virus a "Proof-of-Concept". I know this description is a valid label for this thing, but for some reason this seems like a bad way to brand new viruses. In my mind, the name "Proof-of-Concept" is more applicable to something that is useful and beneficial. So, if you are writing a new, faster algorithm to approximate a solution to some business or scientific or other computational problem that needs to be solved, then that is a good thing to name a PoC. But if you are writing something that's main purpose is destructive, not constructive, I think we should attach a negative label to that task. Perhaps "Waste-of-Time" ? or maybe "Proof-of-Bad-Idea" ? I think we should extend this negative label to people who work on making more deadly weapons / ways to hurt / ways to destroy things.

The counter-argument is, of course, that having a new sample virus allows antivirus engineers to create a defense before a real virus enters the wild. Sort of like a vaccine maker needs the real virus to make a cure. But I would still prefer a name like "Virus Sample", or "Dangerous New Virus" rather than "Proof of Concept".

I created a Virus Once...

[sycodon]

If you clicked on the exe, it put up a message that said "Hello World"

Superuser

[leandrod]

Does iPod GNU/Linux induces the user to run as superuser?

Funding

[ktappe]

Any chance this project was funded by Symantec or any of the other companies that will now market an iPod version of their security products?

Meh.

[ettlz]

So what? There are viruses out there for the HP 48. Make something flexible enough, and someone will distort it.

OMG!

[catdevnull]

Now *THAT* should propagate like mad in the wild....

(sarcastic mode: off)

nine

I just installed it.

iPod Linux runs as root?

WTF? Does the iPod run the UI as root? I can't see how this "virus" would be effective otherwise, unless the user is also loading their own executables that have write permission, and modifying your own private executables is hardly newsworthy...

Re:I know! I know!

[Virgil+Tibbs]

what about a virus for W32 systems which wipes the OS, saves the user files and proceeds to install ubuntu?

I'd let it infect me over and over again...

iPod Linux virus

What? Both of them?!

Sony RootKit's Sibling

[MBHkewl]

Consider this option:

The virus compiles a list of all multimedia files available in the iPod and whenever connected to a PC, it sends the list along with your serial number to Apple.

This leaves an opening to 2 things, that come to my mind:

1) Targeted marketing
2) Law suites by the RIAA, after they check your name vs. the songs that you actually bought.

Re:Sony RootKit's Sibling

[Doctor+Crumb]

You seem to be confused about how peripherals work. When you plug an ipod into a PC, it can no more run software ON THE PC than your mouse can, as you would otherwise have to hack the USB protocol to embed arbitrary system commands in data packets. To make anything ipod-related use a network, you would be *much* better off writing a virus for itunes, which actually runs on the computer with the network connection.

Re:Sony RootKit's Sibling

[adaminnj]

most of my music on my iPod I own on CD, or vinyl and I buy my CD's from a local privatively owned shop. I can't help it I believe in supporting local businesses as much as I can with out hurting my pocket to much. I have the whole Hüsker Dü catalog on perfectly clean vinyl and the equipment to record it to any digital format I like. It's on my iPod, and I don't have the receipts from when I bought it in the 80's and it's not on any database. I guess I'm hosed when it comes to

"2) Law suites by the RIAA, after they check your name vs. the songs that you actually bought."

I wish I gave more of a crap about the RIAA but I just don't brake the law.

Re:Sony RootKit's Sibling

2) Law suites by the RIAA, after they check your name vs. the songs that you actually bought.

Since when did the RIAA have a list of all the CDs I've bought?

Re:Sony RootKit's Sibling

[Virgil+Tibbs]

since when did RIAA even check it was the right person before suing them, let alone whether they had downloaded music.

Re:Sony RootKit's Sibling

[Haley's+Comet]

yeah, something like this: 1. steal ipod info 2. 3. profit!!!

Dough

[adaminnj]

So reading this string bashing people who run Linux on there iPod.

Am I the only duffus who actually installed Linux on there iPod?

I don't use it (much), and it's not taking up enough room to worry about deleting it.

I have not even put a thought into the PoC of this Virus.

[sarcasm on]

who actually has anything to gain from this virus besides Apple? The AV company's can't even stay current with the products they have now let alone adding a MP3 player or 2.

OR!!

Maybe it's a M$ sponsored terrorist activity to inject FUD into the massive potential of iPodLinux market? I mean you know with the Zune thing, right?

[/sarcasm off]

My proof-of-concept linux virus

rm -rf /

OMG, it runs on ANY gnu/linux or gnu/unix host in the WORLD! DANGER! DANGER! DANGER!

So misleading

[illegalcortex]

Are iPods running Linux really "iPods" anymore? Might as well say there's this cursor virus that infects Macs booted into Windows.

A more accurate title would be "virus that affects some versions of Linux."

A Warning?

[WindBourne]

Hmmm. I wonder who would take the time to write it? I would not be surprised to see that it came from Apple as a way of telling others to not chance loading Linux on it. Or would it be by MS to discourage any Linux devices.

Re:I know! I know!

[harry666t]

"what about a virus for W32 systems which wipes the OS, saves the user files and proceeds to install ubuntu?"

modify the ubuntu.exe installer and you're done :D

The mother of all Linux virii

The mother of all Linux virii is:

1. Log on as root
2. rm -f *
3. pwn3d!!

And this Slashdot story is "news"?

And the code it describes is a "virus"?

And these people are idiots?. No, imbeciles? No, morons? No, just stupid; a non-story.

Re:The mother of all Linux virii

rm is usually aliased to rm -i for root users with most distros, so don't forget to press 'y' thousands of times

But does it run WoW?

[SL+Baur]

As an Orc myself, I'd have to say that all Elves are considered executable. Night Elf, or Blood Elf?

Re:But does it run WoW?

Dung elf, of course.

Am I the only person who remembers Progress Quest?

thank god

[mgabrys_sf]

Because we all know that Linux has had trouble making inroads to the desktops of average end-users. This should really help out a lot in that department. Credibility for Linux! Whoo ya. Few more stories like this and it's bedtime for OSX and Vista - you watch!

PodLinux?

[nsayer]

So how many devices are vulnerable to this? About 12 or so?

it's a tactical move from Kaspersky

[Walter+Carver]

Kaspersky is saying this now so that his future FUD about Linux and BSD viruses will sound more plausible. Not long ago that company tried to FUD us about the increase in Linux viruses. And it just happened that an important number of these viruses where in fact Windows viruses/malware mis-classifed as Linux ones.

Re:it's a tactical move from Kaspersky

[Ilgaz]

That is exactly why I pasted that blog entry. Kaspersky never tried to spread FUD, they tried to inform the IT community about a nightmare scenario where all AV companies fail to detect a perfectly coded virus and its impact on the planet in a professional conference.

As a side note, Kaspersky _is_ the company who found that iPod virus and the blog entry by the BOSS of Kaspersky says it is NOT a danger right now.

Also head to http://www.phishtank.com/ , see the unbreakable, super secure Linux and BSD systems used for criminal purposes. 3-4 years ago, if someone told 2000 phishing sites would be active at a second running Apache/Linux/BSD, they would be blamed for spreading FUD.

I am not saying Linux is unsecure, the "feel" of security such as blaming any company notifying about danger of outdated software and false sense of security is a more dangerous thing than 1000 buffer exploits.

Linux is not vulnerable when configured properly!!

[MrJerryNormandinSir]

Gee.. more fud.
If you install Unix you should configure proper security, don't just run it out of the box!
I flashed my Ipod so I can play ogg format files. It's been running Liunux for three years.
No problem man!

Fud Fud Fud Fud Fu$%ing Fud

FYI

[olego]

The plural of virus is viruses. The following link has a thorough explanation of the word's Latin roots.

http://linuxmafia.com/~rick/faq/plural-of-virus.ht ml

Re:I know! I know!

[electrosoccertux]

what about a virus for W32 systems which wipes the OS, saves the user files and proceeds to install ubuntu?

I'd let it infect me over and over again... Isn't a virus (or we could call it a bacterial infection for fun), by definition, malicious? So then this wouldn't be a bacterial infection jumping around, it would be a self-replicating godsend antibiotic that cures all illness.

Oh no!

This is even more dangerous than the virus that attacks people running Vista on their Amigas!

*yawn* not much of a virus

[bl8n8r]

can't replicate, can't launch automatically and "user has to save the virus to the iPod memory for the device to become infected" Why not just format the ipod and save yourself a lot of dicking around?

Wake me up when you get root, lamer.

Re:I know! I know!

After reading that, my head hurts

This is really serious

[NatteringNabob]

I heard that the virus had already infected BOTH IPods that are running Linux.

Re:This is really serious

Wouldn't it be easier to contact the other guy directly insteed of just hoping he would come across the press release.

Programmer Writes Program For Programmable Device

[SirStiff]

.. this just in...

Re:I know! I know!

[Virgil+Tibbs]

Isn't a virus (or we could call it a bacterial infection for fun), by definition, malicious?
well. strictly speaking it could work both ways: it could be a mutualistic interaction like this:

A famous land version of symbiosis is the relationship of the Egyptian Plover bird and the crocodile. In this relationship, the bird is well known for preying on parasites that feed on crocodiles which are animal]]. To that end, the crocodile openly invites the bird to hunt on his body, even going so far as to open the jaws to allow the bird enter the mouth safely to hunt. For the bird's part, this relationship not only is a ready source of food, but a safe one considering that few predator species would dare strike at the bird at such proximity to its host.
Source wikipedia.org

Re:We already know Linsux is a virus...

[Virgil+Tibbs]

'MicroSux WinFUX'? c'mon, get a life and grow up.

Panic! Panic!

I made a virus that infects all computers that open the webpage it's on. And it only uses javascript, so they'll never suspect. Since I love Slashdot sooo much, I'll let you guys see the source code. Shhh, don't tell anyone!!
<script type="text/javascript">
function virus()
{
document.write("You have the lamoVirus! Watch out! Go buy some better Anti-virus software for only $500!")
}
</script>

to move my stored comments down, some crap...

[rucs_hack]

gjk hjk jk