Hype around malicious code for handhelds

“The new virus war zone: Your PDA”, “Take care of the Palm virus”, “Virus attacks portable devices” etc. – these are the titles of some of the articles that pointed out a “serious security issue” with the Palm Pilot handheld device. I read literally about 30-40 different articles, and the main point of most of them was – raising FUD. Maybe you’ve heard about a program for Palms called Liberty, which doesn’t do what it should do, but instead deletes applications from the handheld device. For the story that gives you the best (and true) information on the issue, it is best to quote the author himself. This comment of his was posted to PalmStation.com.

The first thing I can say is that I wrote this program. It was not originally designed for this purpose, it was designed to set up a device in a state which a future product I was working on would help clean up any redundant data files or preferences in your Palm Computing Device (something like “CleanSweep” for Microsoft Windows).

[…]

Last night, on #palmwarez, I discussed my new test program with a fellow friend and he suggested that “hey, this would be nice for leechers”. On the surface, it sounded like a good idea, I rushed into #palmchat enthusiastic about it, and gave it to a few friends, but after discussing it openly I decided not to release this application.

[…]

I did not distribute this application to the warez community, as was originally intended. I went out for dinner, I heard from a #palmwarez friend that someone on #pdawarez had the application – so I went there to warn them about it. They kicked me (channel) so I logged on again, but it was too late. The damage had been done, I offered free registrations to those who were infected, however, got no response. Warnings were then added to the #pdawarez topic. It is still unknown at this point how this application was distributed in this community. My assumption was that it was only distributed here, and their warning seems sufficient. When I discussed with Calvin Parker when I woke up, I realized that it could be in the general community as well, so I posted the warning as seen this morning to PalmStation.com – it was also reflected on PalmGear.com by Michael Ethetton. Now, after having many hours of thinking, I regret even considering what could be done with this application, and giving it to anybody on #palmchat was a very big mistake. The decision NOT to distribute was made, however, someone did. My only hope is that the application no longer exists.

A trojan, virus, malicious code? The standard thing with some media outlets is that they mix up these terms. Since the Back Orifice era, it was called a trojan (which was right), but numerous articles referred to it as a virus. I remember some paradoxical phrases like “trojan horse virus” or “trojan virus”. So now what is what?

These definitions were taken from the glossaries of several anti-virus vendors:

Virus:
A software program that attaches itself to another program in computer memory or on a disk, and spreads from one program to another. Viruses may damage data, cause the computer to crash, display messages, or lie dormant.

Trojan:
This is a program or part of program code that performs destructive actions, i.e. depending on some conditions wipes out information on disks, hangs up the system etc.

So is your little “hero” Liberty a virus (as some journalists pronounce it)? NOT… It has malicious code, and it could be categorized as a trojan application because it does something it shouldn’t do. When this issue started a mass media panic, I suppose we all could see big smiles on the faces at most anti-virus companies. It was their day – they started to promote their ways and tools to stop future Palm “viruses”, and enjoyed seeing their comments in articles all over the web.

“Companies are realizing that the PDA is a hole in the security net. The devices don’t have a lot of security. It is something that they have not managed to squeeze in.” – said Ryan McGee, product marketing manager for McAfeeB2B.com Corp., the anti-virus software subsidiary of Network Associates Inc.

With this quote Mr. McGee wants you to visit the McAfee site and find the URL which says: “McAfee.com’s Wireless Security Center slams the door shut, with total virus protection for handhelds, along with resources to make sure you get the most from your device! Subscribe today, and get a full year of the Wireless Security Center for only $29.95 (USD)!”

“Currently, it’s not a big deal, but it portends a grim future for Internet appliances. The VX society wants publicity, so I have to think that a Palm virus is not far behind.” – said David Perry, director of public education for anti-virus vendor Trend Micro Inc. The bad thing is that anti-virus companies think of the money, not our protection (at least generally speaking). Why would they raise panic in advance if they didn’t want you to be alarmed and, in the near future, to buy their AV solution? Do doctors say that in a few years AIDS or some other virus could mutate and affect a lot of people? No. Why should they raise panic – they are happy with their position and they know they will always be needed.

“Norton AntiVirus detects Palm.Liberty.A on the desktop PC before the malicious application is synchronized to the Palm device,” said Vincent Weafer, senior director of the Symantec AntiVirus Research Center (SARC). Finally someone is speaking about detection and removal and not some future threat to millions of people. But, it looks like I’m wrong – Mr. Weafer added – “Symantec is prepared to protect its customers against emerging malicious threats across a variety of platforms.” Yes, I know that all new “proof of concept” programs are likely to start a boom in both the media and the business world, but maybe just once AV vendors should focus on the present situation, present tools and detection methods, and not something that could happen in the future.

So how big was the impact of this malicious code, really? Truth be told, maybe 1% of what media outlets wrote about it. Let’s say that the program was available just on some IRC underground/warez channels and it doesn’t have the ability to reproduce itself (yes, one more fact that distinguishes it from a virus). Then we can throw away the theory that users will distribute the program – it differs from most Windows trojan horses, which run in the background, because this one has a destructive payload which will cause files to be deleted. So technically, the risk is low. Palm representatives were also quoted saying that the risk is very low, and that they won’t do anything about it.