[ISN] First Windows CE virus emerges

From: InfoSec News (isn@private)
Date: Tue Jul 20 2004 - 05:12:10 PDT


By David Legard
IDG News Service

A virus designed to demonstrate security holes in Microsoft's Windows
CE operating system but not to cause damage was identified by security
companies over the weekend.

The WinCE4.Duts.A virus (sometimes known as Dust) only affects devices
running ARM Ltd. processors and infects Pocket PC PE files in the root
directory, according to Bucharest-based Softwin S.R.L., which first
reported the virus on Saturday.

It raises a dialog box which asks "Dear User, am I allowed to spread?"  
If the user agrees, the virus appends itself to all .EXE files not
already infected in the current directory, according to anti-virus
vendor Symantec.

The virus contains no payload, Symantec said.

The virus was sent by its authors to anti-virus vendors rather than
being distributed in the wild and was not designed to propagate on a
massive scale, but rather to demonstrate that devices running
Microsoft Windows CE can be infected by malicious code, according to
Viorel Canja, head of Softwin's BitDefender Labs unit.

There are over 17 million Pocket PCs, smartphones, and other Internet
appliances currently using the Windows CE operating system, according
to Softwin.

More information can be found at the BitDefender site.

Help InfoSec News with a donation: http://www.c4i.org/donation.html

This archive was generated by hypermail 2.1.3 : Tue Jul 20 2004 - 06:35:43 PDT