Slashdot Mirror


A Proof-of-Concept Virus for iPods Running Linux

An anonymous reader writes "Although antivirus companies will probably create a hype saying that iPods are prone to infections, a virus called 'Podloso' is a newly found virus that is just a proof of concept code that can infect iPods running Linux. Once launched, the virus scans the device's hard disk and infects all executable .elf format files. Any attempt to launch these files will cause the virus to display a message on the screen which says, 'You are infected with Oslo the first iPodLinux Virus.'"

40 of 170 comments

  1. Hear that? by despik · · Score: 4, Funny

    It's the sound of all the real virus authors collectively spinning in their coffins/cells/cubicles.

    --
    "I seem to have mastered a certain amount of control over physical reality."
    1. Re:Hear that? by Anonymous Coward · · Score: 4, Funny

      Let's see... To infect your iPod with this virus, you first have to install Linux. Then you have to install the virus. Then you have to run the virus.

      Oo. I'm scared.

      Now, if you really want to cause panic and terror among iPod users, come up with something that will either replace the DRM on unprotected tracks after they start selling them or something that recodes all your tunes into WMA format.

    2. Re:Hear that? by tomhudson · · Score: 2, Insightful

      You forgot - "then you have to save the virus to the iPod"

      The article goes on to say it can't propagate itself ... all it can do is corrupt files. That's not a virus.

  2. I know! I know! by that+this+is+not+und · · Score: 5, Funny

    Next, I will write a 'virus' that attacks Macintosh SE/30's running NetBSD!

  3. ...another "social engineering" virus by hcmtnbiker · · Score: 5, Interesting

    FTA: Podloso cannot be launched automatically without user involvement.

    I always find it amusing when a virus that requires the user to activate it is considered news. By definition it's more social engineering than a vulnerability. If people weren't so stupid I assume nearly 100% of all computer viruses wouldn't exist, or wouldn't be a problem.

    --
    If I had one dollar for every brain you don't have, I would have $1.
    1. Re:...another "social engineering" virus by Tim+C · · Score: 4, Informative

      The vast majority of viruses require user intervention to run and infect a machine, and aren't considered news (or at least, not individually). I assume that this one is because it's the first for this particular platform.

    2. Re:...another "social engineering" virus by LordLucless · · Score: 3, Informative

      The vast majority of viruses require user intervention to run and infect a machine, and aren't considered news (or at least, not individually).

      The most damaging (and thus, most reported) viruses don't. I believe the NetBlaster and RedAlert were actual viruses, and spread by vulnerabilities in services enabled by default on standard Windows builds.

      --
      Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
    3. Re:...another "social engineering" virus by H3g3m0n · · Score: 4, Informative

      Technically these are considered worms, as they actively self-propagate: they seek out vulnerabilities in other systems and infect them. Viruses, on the other hand, attach to similar files and require the user to transfer the file and execute it on another system, having a passive attack vector. I'm not sure I would count the iPod Linux virus as a virus, as it would have to be able to infect other iPods somehow; if it can't infect other iPods then it's really just malicious code. Granted, you can take the binary files from one iPod and put them on another, but that's not likely to happen, meaning it has basically no self-propagation.

      --
      cat /dev/urandom > .sig
    4. Re:...another "social engineering" virus by sootman · · Score: 5, Interesting

      But it shouldn't be news. Anything that can run code, can run malicious code. It's only worth mentioning if there's a chance that a user will a) obtain and b) run the code without knowing it's malicious. If the virus were hidden in a song and could be executed just by being played, that would be news.

      Oh, and look: it was discovered by a company that makes antivirus software. Wow, what are the odds that an antivirus company would be the first to discover and publicize a virus that runs on what might be called the least-adopted platform ever in history? I'd bet my next paycheck that somewhere there's a connection between an employee of that company and the author of this "virus"--and not just a six-degrees kind of link, I mean a real, substantial link.

      Antivirus exec: "Well, in six years, we haven't been able to convince anyone that OS X is insecure. Despite our efforts, there hasn't been a single in-the-wild, self-replicating virus for that platform. What should we try next?"
      Underling: "Maybe try spreading FUD about iPods?"
      Antivirus exec: "Brilliant!"

      --
      Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
    5. Re:...another "social engineering" virus by Anonymous Coward · · Score: 2, Funny

      Check links before you speak, thanks.

  4. Depends on antivirus company by Ilgaz · · Score: 4, Informative

    "Although antivirus companies will probably create a hype saying that iPods are prone to infections"

    Well, (Eugene) Kaspersky says at viruslist.com blog (http://www.viruslist.com/en/weblog?weblogid=208187356):

    "Overall, I don't think iViruses will cause serious problems in the future. The iPod world is very different from the PC and smartphone world. Users aren't constantly installing new software and downloading a wide range of files, so that cuts down on the possible infection vectors. And what's there to steal from an iPod? Multimedia files, and that's about all.

    So - it was an interesting little puzzle, this proof of concept, but nothing more."

    1. Re:Depends on antivirus company by necro81 · · Score: 3, Interesting

      There can be more information to steal on an iPod than just multimedia. iPods have, for quite a while, been able to store contacts, notes, and calendars, typical PIM stuff. There might be something of value in those. On the other hand, if one were to craft a virus for the new iPhone, there definitely could be some malicious value in that, because it stores more information, accesses email and the internet, and is continuously connected to the outside world. On the other hand, the iPhone is a totally different beast than the iPod (and Linux-on-iPod), and will undoubtedly be a much tougher nut to crack.

  5. Legality? by Anonymous Coward · · Score: 2, Funny

    What are the licensing terms associated with this virus? GPL? BSD?

    1. Re:Legality? by Ilgaz · · Score: 4, Funny

      I bet RMS will go mad since it isn't called GNU-Podloso

    2. Re:Legality? by Tony+Hoyle · · Score: 3, Funny

      ..and does a GPL virus that attaches itself to something automatically GPL the thing that it's attached to?

  6. Non-story by nevali · · Score: 5, Informative

    This is possibly the biggest waste of a story Slashdot's had in a while.

    Not only does it only 'infect' iPods running Linux, but it's not even able to replicate. To call it a virus is stretching the truth, to say the least; it's just a program that trashes your binaries.

    1. Re:Non-story by nevali · · Score: 2, Informative

      Well, that's part of the point: the potential for an attack vector on something like an iPod is pretty minimal.

    2. Re:Non-story by Curmudgeonlyoldbloke · · Score: 4, Funny

      It's an "honour system virus" - in the same way that sending a user a program that deletes all their files and telling them to run it is.

    3. Re:Non-story by timmyf2371 · · Score: 3, Informative

      But isn't this what viruses (virii?) were like back in the day, before the days of the internet and widespread connectivity? The first viruses were more interested in deleting files and executables and could only be spread by floppy disks.

      Sure, compared to modern-day viruses, which have (d)evolved into almost worm-like behaviour, emailing all and sundry in an address book and generally causing mayhem, it's just a tad boring, but I would say it could definitely be classed as a virus - in the same way a Lada could be classed as a car.

      --

      Backup not found: (A)bort (R)etry (P)anic
  7. Thank Goodness by Spackler · · Score: 3, Interesting

    "You are infected with Oslo the first iPodLinux Virus."

    I would like to thank the developers of this virus. For too long, I have been enjoying hacking my iPod. It is good that someone is out there attempting to stop that by ruining my property.

    Really, now on to the real discussion. Can someone explain the motivation? I actually do not understand why someone would waste their time to write a virus. The only type I do understand is the bot net stuff, and that is motivated by money. Heck, if I can take over 5000 computers and sell the work they can do in mass spam or something, at least the writer is attempting to make money. Why write something like this though? If they spent the same time writing real code, they would make money. If they did it for a different organization, they could help the Red Cross with their IT stuff, or a hospital. Why the fsck do this crap?

    Malcontent? Antisocial? What the heck drives these people?

    1. Re:Thank Goodness by operato · · Score: 2, Insightful

      for the fun of it and because they can. that's what happens when you give people choice. surely the matrix taught you that.

    2. Re:Thank Goodness by J0nne · · Score: 5, Insightful

      It's for the same reason people install Linux on their iPods in the first place: because they can.

    3. Re:Thank Goodness by someone1234 · · Score: 4, Interesting

      Creating pseudo-life? Hell, 20 years ago I was very happy when my exe header virus first infected one of my files :) It was definitely more satisfying than hacking away on some j2ee shit.

      --
      Patents Drive Free Software as Hurricanes Drive Construction Industry
    4. Re:Thank Goodness by CDarklock · · Score: 2, Insightful

      I used to run a moderately sized VX (virus exchange) board. There are three main reasons people write viruses.

      1. Because they're fascinating. It was interesting to see what kind of things you could make a virus do. For people like this - which included me - the game was to write a virus that more effectively reproduced, evolved, and evaded detection in a smaller space. You can spot viruses written for this reason because THERE IS NO PAYLOAD. It doesn't break anything. It's an academic exercise. We DON'T CARE what it does. That's not the point.

      2. Because they want money. This was a tiny little minority on my board, and to my knowledge none of them ever actually implemented anything; we just talked about "what if" scenarios. At the time, since the internet was not really a big thing for most people, there was very little a virus could do to deliver information elsewhere. Today, the world has changed, and everything is networked. We can talk to anyone anywhere at any time. And that means this group has simply exploded out of the criminal underworld.

      3. Revenge/status. The vast majority of people on my board were people who wanted to give a virus to their ex-wife or to some guy in school who was mean yesterday. They think that if they give someone a virus it will "show them who's boss" or "everyone will think I'm so cool". This is childish and stupid.

      The author of this virus is probably in the latter group.

      --
      Microsoft cheerleader, blue flag waving, you got a problem with that?
  8. Next gen Virus by ValiSystem · · Score: 5, Funny

    Hey, I made a multi platform virus that can infect almost any existing computer. And it's easy to spread: just compile following code:

        #include "stdio.h"
        int main (void) {
            printf("YOU ARE INFECTED BY ULTRAdOOM NExT gen, F3AR THE L0RD !!\n");
            return 0;
        }

    Launch and here you are! (yes, I know, I should have posted that on my blog and written a story for Slashdot)

  9. This is going to spread like wildfire by DrXym · · Score: 4, Funny

    Amongst the 8 people running Linux on their iPods.

  10. Parts needed... by FinchWorld · · Score: 5, Funny

    iPod - £90 to £250

    iPod Linux - Free

    Knowledge and desire to install Linux on your MP3 Player - Your social life

    Having been smart enough to install Linux on your iPod then go out of your way to install a virus - Priceless

    For everything else there's run of the mill idiots.

    --
    "I may be full of crap about this game, and I may be wrong, and that's fine." -Jack Thompson
  11. Question by Rogerborg · · Score: 5, Insightful

    What is the intersection between people who're smart enough to have installed Linux on their iPods, and people stupid enough to run a random executable?

    Would anyone in that set like to make themselves known? Anyone? Don't be shy; anyone at all?

    Didn't think so.

    --
    If you were blocking sigs, you wouldn't have to read this.
    1. Re:Question by loconet · · Score: 2

      Here is a picture of him: Ø

      --
      [alk]
  12. What exactly is the point of this article? by Anonymous Coward · · Score: 2, Insightful

    "A Proof-of-Concept Virus for iPods Running Linux"

    a) It's not a virus.*
    b) It's not iPod-specific, it could run on other Linuces as well.
    c) The method isn't Linux-specific, would work on almost any OS.
    So what we have here is, a proof of what concept exactly?

    * Granted, that on all currently popular OS's any executable you launch can touch all the files you yourself can, is in itself a big WTF. But we know that, so we don't launch untrusted executables.

    1. Re:What exactly is the point of this article? by nevali · · Score: 2, Informative

      It might be a big WTF, but what's the alternative? Effectively put everything in its own sandbox? The problem is that your files are created and accessed by the very same programs you want to restrict access: without that access, both the programs and the files are useless. If you get into the explicit-permission game, you end up with something like UAC or Java's sandboxing permissions--neither of which have exactly set the world on fire. Essentially it boils down to this: what good's a text editor that can't edit your files, or a file manager that can't open, rename, move, copy or delete your files? Where's the line between programs which can do things and programs which can't? What determines trusted versus untrusted? Is it digital signatures? If so, who issues them? (And with that we're heading rapidly towards TCPA and friends to ensure the validity of the signatures on all of your binaries, including the kernel and drivers).

      Personally, I'd rather have an OS in which programs _I_ run can access _my_ files, whereas programs other people run can't, than have an OS where programs I run have to be whitelisted to function properly and I either get really lax about the whitelisting and allow everything that seems like it /might/ be OK to access my stuff, or spend all my time tuning and verifying the permissions for programs and no time at all actually using the things and getting anything done.

  13. Once launched ... by krkhan · · Score: 3, Funny

    Here's a much simpler virus which wreaks havoc 'once launched':

    echo "You're being infected with the Idiotisco, the second most stupid Linux virus"
    rm -rf ~
    The Idiotisco virus is a 'proof of concept' that any moron running Linux can set executable bit on a file and run it to damage his system.

    Disclaimer: The source code of Idiotisco virus is disclosed only for educational purposes. I will not be held responsible if it makes your system bleed or gets you fired from your job.
  14. It's not .elf it's *ELF* by cculianu · · Score: 4, Informative

    The file format is called ELF, the executable and linking format. Not .elf. It isn't a file extension. This isn't Windows. Bah.
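
Added example, not part of the original thread: a defender-side check that follows from the point above and from the story summary. It recognises ELF files by their header magic rather than by file name, and flags any whose content changed since a baseline was taken. The file names and sample bytes are constructed for the demonstration.

```python
import hashlib, os, struct, tempfile

ELF_MAGIC = b"\x7fELF"
E_TYPES = {1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}

def elf_info(path):
    """Return (bits, byte order, type) if the file starts with an ELF header, else None."""
    with open(path, "rb") as f:
        hdr = f.read(18)                      # e_ident (16 bytes) + e_type (2 bytes)
    if len(hdr) < 18 or hdr[:4] != ELF_MAGIC:
        return None
    bits = {1: 32, 2: 64}.get(hdr[4])         # EI_CLASS
    order = {1: "<", 2: ">"}.get(hdr[5])      # EI_DATA
    if bits is None or order is None:
        return None
    (e_type,) = struct.unpack(order + "H", hdr[16:18])
    return bits, "little" if order == "<" else "big", E_TYPES.get(e_type, hex(e_type))

def snapshot(root):
    """Map relative path -> SHA-256 for every ELF file under root, whatever it is called."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or elf_info(full) is None:
                continue
            with open(full, "rb") as f:
                result[os.path.relpath(full, root)] = hashlib.sha256(f.read()).hexdigest()
    return result

def changed(baseline, current):
    """ELF files that are new or whose content differs from the baseline."""
    return sorted(p for p, h in current.items() if baseline.get(p) != h)

def demo():
    # Constructed sample: minimal 32-bit little-endian header, e_type=EXEC, e_machine=ARM (40).
    fake_elf = ELF_MAGIC + bytes([1, 1, 1]) + bytes(9) + struct.pack("<HH", 2, 40)
    samples = (("player", fake_elf), ("notes.elf", b"plain text"), ("song.mp3", b"ID3"))
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples:
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        baseline = snapshot(root)
        # Simulate tampering: an executable grows after the baseline was recorded.
        with open(os.path.join(root, "player"), "ab") as f:
            f.write(b"appended bytes")
        info = elf_info(os.path.join(root, "player"))
        return sorted(baseline), info, changed(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

The file named `notes.elf` is ignored because it has no ELF header, while the extensionless `player` is tracked and reported once modified.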

  15. From the J.R.R. Tolkien department ... by ScrewMaster · · Score: 4, Funny

    Once launched, the virus scans the device's hard disk and infects all executable .elf format files.

    As an Orc myself, I'd have to say that all Elves are considered executable.

    --
    The higher the technology, the sharper that two-edged sword.
  16. Re:I know! I know! by Anonymous Coward · · Score: 2, Funny

    Next, I will write a 'virus' that attacks Macintosh SE/30's running NetBSD!

    Holy sh*t!! Unplug the Mac, unplug the Mac! So much for my security through obscurity!!!

  17. Whatever happened to... by grnrckt94 · · Score: 2, Insightful

    ...just creating viruses that actually did something useful, like making money? Why do people feel the need to be so destructive?

    1. Re:Whatever happened to... by RDW · · Score: 5, Funny

      How about a Zune virus that strips the DRM from the tracks on the infected machine and 'squirts' itself to all the other Zunes within wireless range? Think about it, if such a virus were released today the number of infections could soar into double figures by the end of the decade!

    2. Re:Whatever happened to... by The+Ultimate+Fartkno · · Score: 2, Funny

      I'm pretty sure that's how the whole "Macarena" thing got started.

    3. Re:Whatever happened to... by Anonymous Coward · · Score: 4, Insightful

      I think this raises the question of which group has larger numbers. Is it iPods with Linux on them or Zunes?

  18. Re:I know! I know! by Virgil+Tibbs · · Score: 4, Funny

    What about a virus for W32 systems which wipes the OS, saves the user files and proceeds to install Ubuntu?

    I'd let it infect me over and over again...

    --
    www.tdobson.net #### Dare to Dream #### blog.tdobson.net