Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
News

Viruses, Trojans And Worms -- Unplugged? 88

Posted by timothy from the wait-for-low-earth-orbit-sats dept.
An Anonymous Coward writes: "This two-part article at Wireless NewsFactor examines the risks of malicious code on wireless platforms and what companies can do to combat potential threats. The gist of it is that wireless viruses/worms/trojans are unlikely to spread unchecked, and it digs pretty deep into why that is the case."
This discussion has been archived. No new comments can be posted.

Viruses, Trojans And Worms -- Unplugged? More

Viruses, Trojans And Worms -- Unplugged?

Comments Filter:
  • With Sun's creation of the KVM and MIDP, would it be possible to spread a virus to all the supported platforms? I suppose the virus still needs an 'in' though.. so it may not be possible.

    • Re:Not a virus programmer, but... (Score:4, Interesting)

      by jeffy124 ( 453342 ) on Friday August 24, 2001 @04:29PM (#2215253) Homepage Journal
      with the number of wireless devices using Sun's Java Micro, that's an interesting thought. I know at JavaOne last June the numbers were stagering, but I dont remember what they were specifically. All I remember were CEOs from Nokia and other big name wireless companies telling how they've embraced the j2me for their products. By having the j2me on all these devices, one virus could wipe them all out quickly, much like many windows-related worms.

      But, as you say, that requires an 'in.' The J2ME inherits it's security model from the desktop version, hence wireless apps are essentially running in a sandbox that prevent and prohibit certain types of behavior, almost as if there's an anti-virus tool installed on the device.
      • The J2ME inherits it's security model from the desktop version, hence wireless apps are essentially running in a sandbox that prevent and prohibit certain types of behavior, almost as if there's an anti-virus tool installed on the device.
        Well, that's the design, at least. Unfortunately, that doesn't mean that the implementation lives up to the design. I would be surprised if there isn't at least one J2ME virus which expoits a vulnerability in the sandbox.
        • you're probably correct. I'm not a wireless developer type, just a desktop developer, so I'm just goin on about things i picked up from the JavaOne Conf in june.

          there have been holes found in JVMs for desktops, hence there are probably holes yet to be found in the K Virtual Machine. I know for one the most holes thus far have been found in the class loaders, yet required Java code very intricately written in order to be exploited.

  • deCSS virus (Score:4, Funny)

    by kaldari ( 199727 ) on Friday August 24, 2001 @03:47PM (#2215047)
    Why doesn't someone write an email virus that includes the alogirithm to decode DVDs? Then everyone would be breaking the law! Yeehaw! Breakin' the law!
    • While funny, it would also make reporters everywhere describe deCSS as an evil hacker tool that must be destroyed, and that it's authors should be put in jail.
      • It doesn't have to be deCSS...

        It might be packaged with a Microsoft support letter PDF file complete with the capability to print the Utah address on the envelope...

        And don't forget to bundle a document editor, Media Player, MP3 encoder, web browser and mail reader, all coded in ASP.NET for maximum efficiency!

        Micro$oft: Empowering the Email Virus Generations!

  • This reminds me (Score:5, Funny)

    by wbav ( 223901 ) <Guardian.Bob+Slashdot@gmail.com> on Friday August 24, 2001 @03:52PM (#2215081) Homepage Journal
    Of once, with the ILUVU virus, we had a person re-infect their machine, becuase they downloaded the virus in their e-mail into their palm. When we cleaned the machine for her, she synced up her palm and put the e-mail back. The lady was stupid enough to click on it a second time.

  • PDA's are even more vulnerable to attacks (Score:3, Troll)

    by UltraBot2K1 ( 320256 ) on Friday August 24, 2001 @03:53PM (#2215091) Homepage Journal
    Point-Counterpoint: Portable wireless viruses such as Palms, PocketPCs, and wireless phones are, in my opinion even more vulnerable to attacks. Think about it for a moment, when was the last time you installed a firewall or virus protection software on your cell phone? Never...that's because it doesn't exist. Portable software is written with the number one priority being size. Flash storage is expensive, and most devices don't have more than 32 MB at most available. Software needs to be extremely compact, and in the process, loses some of it's functionality. The focus is on cramming as many features into as little space as possible, and security is often overlooked.

    Also, many portable devices aren't easily programmed, and some cannot be programmed without physically modifying the device. Sure you can download a dev kit for your PDA, but not that many people know how to code for them. Cell phones are even harder to write code for. That means bugfixes and patches are going to be slow or non-existant, leaving them even more vulnerable to security exploits.

    Finally, the userbase of most cellular phones and PDA's aren't exactly the most technically saavy people out there. Most users of these devices are ignorant yuppies who could care less about security issues of the WAP protocol vs. Bluetooth. These people don't care/don't know better. All they want to do is talk to their girlfriends/write a grocery list while they're driving home in their BMW or SUV. Most, if not all cell phone users are simply too ignorant to care about security.

    • The problem is spreading the Viruses. Once you get something executing on a Palm platform it can really take over, but it's fairly hard to spread malicous code around on the palm. Most people only beam business cards, not executable applications. The best bet seems to be to trojan the hotsync app, but even that is just a computer virus that happens to do something to the Palm, it's not like people share lots of cradles since every palm comes with one and it's not particularly easy for non-technical people to use the built in facilties for remote syncing.
      • Once you get something executing on a Palm platform it can really take over, but it's fairly hard to spread malicous code around on the palm. Most people only beam business cards, not executable applications.



        The palm does present a fairly straightforward vulnerability to beamed viruses. Because you can beam applications as well as data, and the verification screen that the palm displays upon receipt of an item is generally just "okayed," there is a possibility for sending malicious apps.



        I'm sure somebody could write an app or a hack that captured beam attempts and sent virus code instead of (or in addition to) the intended data. So, you try to beam a business card and a small application gets sent to the other person. The new application is named, lets say, "Preferences" or "Updater", the person runs it, and infects their own palm... etc. etc. (and imagine a trojan with a time delayed payload... a cool app with a feature set like vidigo [vindigo.com] could be all over the place before Bad Things happen...)



        A lack of tech savvy users, coupled with frequent beaming is a potential danger. Not pretty...

        • Basically that's an email virus...in the days before outlook. The person has to not only okay the download, but then run the application (and many people don't ever run anything other than the datebook, address book, memo pad, and maybe the calculator. Even non-savvy users have to work to start the spread of this little beauty. Worse, you have to walk right up to someone to spread it, so you can't get Melissa like rates of infection.

          A time delay trojan is something else entirely. It's just a net virus that affects the palm. You still have the above mentioned problems if the virus tries to propagate through the IR port.

          One final note: the IR port is slow if your virus is bigger than a few k, the people are going to think something's wrong and pull their Palm's back to investigate (IE if that busniess card that takes half a second to transfer normally is taking 30 seconds, then they might think something is broken and trade traditional business cards.

          All this strikes me as theoretically possible but somewhat infeasable in practice.
  • Come on, Timothy.. According to my book Requisite Puns for Journalistic Headlines, it clearly states that :

    When writing a headline listing three items followed by an exclamation, the exclamation must always be "Oh, my". No exceptions.
  • I can say one thing, I can deal with my computer at work being dead half of the time because my lovely co-worker down the aisle "accidentally" opened an attachment and unleashed the BLOB on our network...

    But when my cell phone starts working randomly, Sprint and I are going to fight. =)

    jrbd
  • Let's see when the clever media use these terms regarding wireless malware:
    "air-borne virus"
    "pegasus" (flying trojan, oh never mind)
    "Quetzalcoatl" (you can figure it out)

    More prosaic:
    "wireless worm"
    "Code Infrared"

  • Today on c|net there's an article about "Tojan.Offensive", a trojan, that will f*ck up the Windows registry, when you click on a button in an e-mail:

    Trojan horse goes on the offensive [cnet.com]

    Well, now I know why I deactivated ActiveX on all Win-boxes I use, and never missed it, except when trying to use the Windows-Update-Function: to update you Win-box, you first need to make it insecure by enabling ActiveX...

    :-)
    ms

  • I think it was summed up.... (Score:3, Funny)

    by Lxy ( 80823 ) on Friday August 24, 2001 @04:03PM (#2215136) Journal
    in the very first paragraph. Anything that can be programmed can be programmed to do bad things. In my opinion, wireless opens up a new door. Since all devices must communicate over open air, they're easily sniffed. Just wait until someone figures out how to HIJACK a packet and trick the wireless device into thinking it's contacting a trusted host when in fact it's exchanging packets with a trojaned host. Then you open up a new attack angle. Suddenly you're downloading a spreadsheet to your PDA that's not a spreadsheet, it's an Excel macro virus.

    IMHO this article is really arrogant. It's still a well known fact that unplugging your computer is the only true security, connecting it via wireless is opening up the channel even wider.
    • The problem with Hijacking a wireless signal might also be that it is broadcast. In a classical wired system a Hijacker can place himself easily in the middle of a line between points A and B. Thus stopping physical traffic to intercept it if they want. In the wireless case, while much easier to intercept the signal (as its being broadcast to anyone who want to listen) sending out a signal in place of the one that is already out there could be tough. You would need to somehow stop people from recieving the broadcast information so you could send something in its place. This is not to say however that you still couldn't broadcast original content somehow and send it to wireless devices, but hijacking something mid signal would likely be very tough. This is however a purely logical analysis, I don't know the all that many specifics on the actual reception of wireless signals. Someone with more knowledge might be able to help clear this up.
      • I do realize the complexity of hijacking a packet. Yes, my post was completely theoretical, but then again most attacks start with a good theory. I don't know the first thing about WAP but if it has any sort of error detection (such as filtering out weaker "ghost" signals) you may be able to RF shield the the trusted host and assume it's indentity with another. The wireless device will go for the stronger source and viola, you have a hijacking. The inital ideas I have on the subject could only be done in a lab, in the real world it'd be tougher to do (climbing towers while carrying 100 square feet of sheet metal and so forth). Anyway, this is all theory but hand it to an engineering student and it'll only be a matter of time when this happens.
  • The article has a spokesperson from Palm explaining why worms are unlikely to spread between wireless devices running PalmOS, but despite mentioning wireless devices running CE doesn't give any information as to whether or not it's vunerable. Does anyone have any hard information as to protection levels within the syncing process on CE? (The existence of third-party virus protection software would seem to indicate that they weren't high.)

  • Virus/worm/trojan (Score:3, Funny)

    by boinger ( 4618 ) <boinger@@@fuck-you...org> on Friday August 24, 2001 @04:09PM (#2215163) Homepage
    Is that what they're calling WinCE these days?

    Finally, they agree with me.

  • A few days ago when I was at my mother's work, she asked me how to deal with a copy of the Love Bug which for some reason arrived at her computer. Nothing special, right? Except for this: the mailer is Netscape, the OS is Solaris, the computer is Sun SPARC and my mother is a very experienced UNIX developer/maintenance programmer.

    What's the moral of this story? Obviously, the particular problem in this case was the global hype surrounding the Love Bug and its consequences. This hype made my mother abandon the usual UNIX reflex (if it's Microsoft it has nothing to do with me), and treat this problem as real.

    It seems to me that the global problem is ignorance. People do not know what viri are; they do not comprehend the concept of a remote exploit; many of us do not have a clear understanding of system security.

    I think the proper solution would be to educate people through the mass-media (BTW, it's time for the TV networks to get someone who knows both what a worm is and how to pass on his knowledge to other people). Additionally, security training could be added to all those hi-tech management courses PHBs attend - maybe they'll absorb a few bits (or bytes).

    Literacy in various subjects was the driving force of many important reforms and revolutions throughout the human history. It seems to me that some knowledge could improve immensly the computer security culture that we know today.

    • Re:The main problem is ignorance (Score:4, Interesting)

      by freeweed ( 309734 ) on Friday August 24, 2001 @04:36PM (#2215285)
      Not to sound like a troll, but shouldn't an 'experienced UNIX programmer' generally have the requisite skills to look up 'i love you virus' in Google, read that it only affects Outlook, and move on? I think a bigger problem is people's unwillingness to RESEARCH a problem themselves.

      • Well, no, an experienced UNIX programmer should know how to use fork(), domain sockets, or the internals of SQL (her job is around a database), and she knows all of that perfectly.

        The problem was not that she didn't know how to handle that, she did (it's not the first time she receives it), but rather that the hype was so big that it confused her.

  • There are numerous initiatives to use cell phones as trusted computing devices: for micro payment (and even paying large sums), for authentication purposes, for tracking disabled people (in conjunction with GPS, for example), for emergency calls. People even think of using them in the context of legally binding digital signatures.

    These applications assume that cell phones are reliable devices, which keep secret data secret and operate without hickups until the battery runs out. So far, none of the initiatives has really gained momentum, but will people stop to reconsider what they are doing when cell phones become more and more similar to general-purpose computers, with fully-fleged browsers showing web content on tiny displays, possibly even including a EMCAscript interpreter?

    I don't think so, and the results could be devastating.
    • The biggest work in the mobile market at the moment is 3G networks - which will integrate data, voice, and video over a high-speed cellular network.

      Most of the implementors are explicitly not making an assumption that the terminal is a trusted device, and are relying on the USIM to carry trusted information (such as identity information), and on encrypted network storage to carry certificates etc.

      Location based services do not rely on GPS, and do not rely on trusting the phone - LBS is a network function.

      Digitally signing will require an authenticating protocol (e.g. USIM->PIN) and this authenticator will unlock a cert held in a crypto vault.
      • Most of the implementors are explicitly not making an assumption that the terminal is a trusted device, and are relying on the USIM to carry trusted information (such as identity information), and on encrypted network storage to carry certificates etc.
        This isn't enough. These implementations assume that the user interface (display, number pad) can be trusted, too. Once the cell phone resembles a general-purpose computer, this is no longer true.

        Of course, even today, people ignore such problems, add a tamper-proof device which stores the secret and performs the crypto operations, but continue to use the host computer to view the documents which are to be signed etc. Of course, this approach is not secure. A few German researches have recently broken such a system even though it had been certified to be "secure".

  • Did you notice this spin?

    Malicious code can replicate more easily when more hosts are available, so virus creators tend to focus on widely used platforms. (That is why few viruses exist for wireless platforms right now -- and why more viruses plague Windows platforms than Mac or Linux platforms.)

    Obviously Windows' market penetration is the ONLY reason Unix/Linux platforms have essentially no viruses while Windows has so many it's spawned an ENTIRE INDUSTRY of virus-protection software. The organization and quality of the software and the number of people looking for and fixing bugs have absolutely NOTHING to do with it.

    So if a lot of people abandoned Windows for Unix, Linux, or OSX virus writers would write viruses for them. Since only popularity matters, they'd succeed as easily with those other operating systems and app suites as they do now with Windows. So viruses would be just as much of a problem as they are now. So don't bother to switch.

    Subtle, isn't it?
  • Popularity is a key predictor of where viruses, worms and trojans will turn up, according to Prince. Malicious code can replicate more easily when more hosts are available, so virus creators tend to focus on widely used platforms. (That is why few viruses exist for wireless platforms right now -- and why more viruses plague Windows platforms than Mac or Linux platforms.)


    Prince noted that if a platform -- wireless or not -- is popular, virus writers have two advantages. "One, they're able to find out how it works more easily," he said, "and, secondarily, the thing that they create has both higher visibility and a larger population to spread in.


    Ahem.... WRONG!

    Apache and Linux both have source available. Therefore, it should be MUCH easier to figure out how they work than IIS/Win2K. Apache/Linux is deployed across more web servers than IIS/Win2K. Therefore, more people should write viruses to the more popular program.

    So then why is CodeRed (I,II,III,IV,etc.) for IIS/Win2k? Because IIS/Win2k is a funnier target. It's more fun to stick a thumb in Bill's eye than in Linus' eye.

    • It's easier to figure out how Apache, say, works. But it's harder to code an exploit because of compiler & OS differences.
      If there is a buffer overflow in IIS (for which every binary is identical) running on NT (every install of which is v.similar) then it is easy to predict where the IP will end up, where system DLLs etc. are.
      With open-source operating systems and application, there may be a significant number of installations that are different enough from the majority that it is either not worth writing a worm, or an in-the-wild worm won't spread easily because of scarcity of suitable hosts. Apache isn't rare, but it is probably less uniform than IIS.
      Just my guess.
  • I would think that virus, worm Trojan etc. protection would ideally be performed at a lower level that the application interface.

    To explain what I mean, these wireless devices will have a common communications protocol, and possibly nothing or very much more in relation to the UI, presentation, you know user stuff. Say nothing of the actual, Um, activate LCD node 23h-87v, and check to see if this cell is paid for.

    Any good anti-viral developer would realize that the best place to nip this sort of thing in the bud would be in a clean area. There's nothing to say that a worm that rot-13's your contact list or something of the like will actually be able to wipe your activation codes after sending them to heroin dealers in Detroit.

    The easiest place for a virus to work and propagate is at a high level, such as outlook in the windows world, and this will probably be true in the wireless world.

    There's nothing that says that Ericsson, Nokiea, Motorola, Sony, Tom, Dick, and Harry have to use the same underlying chipset to perform these tasks. I've never heard of a standard in all cell phones WAP chip!

    If AV vendors concentrate on these particular chipsets, to say Norton NokieaAV for example, they will better be able to handle this threat. Only interface with the network like messaging would to receive updates.

    That said, the less easy; more work, more hassle, more coding area of wireless virus writing, should concentrate on the underlying chipset to do the same job. What good is an AV product if it can't be updated, or worse yet can't be installed! I wouldn't be suppressed if the memory cores of these devices, being that they contain activation codes, are just as hard to re-program as DirecTV HuCards.

    The place to get it done is at the chipset level, talking in native code, not protocol code. Find a back door before manufacturer-X finds it, and you're set.

    Any AV vendor will also have to do a good job of preventing back doors in their code as well, so it's probably bound to be a large mess.
    • Also, yes, it's me again. A PDA such as Palm, outside if IRDA is NOT a WIRELESS DEVICE! A pager is, rim wireless is, a cell is, but a PDA is not, please!
  • So... could we call WinXP a virus? Even people with brains (nonM$users) will feel the damage.
    This will be bigger than the W2K bug :))
  • Is it just me or does the story reek of 'riding the public interest'? A story of little to no meaning that is just one more way of throwing the nasty virus scare at the public... to rehash what is possible at heart just another rehash story to remind us of the news that was (is) CodeRed (and other worms/viruses that made the mainstream).

    Don't get me wrong... I realize that this is a very real issue. But assuming for a second that any software on a device that ever communicated with the outside world (via disk xchange, bbs, net, etc) is and likely always will be a possible victim to a virus/worm. With that in mind what is this article really saying? Its software and its online, of course its might be suspectable to a currently undiscovered exploit. I'm not saying it should be ignored... but is this news or just another media attempt to scare the public and/or rehash an old story?

    It appears to me the only 'news' of the story is this preemptive strike, antivirus software. Now I have certainly never been the most paranoid geek in the world, but having antivirus software on a critical system seems to me more of a good step then a strike of any sort... it is not preemptive, it is delayed. I think a quote from the artical by Rob Rosenberg sums it up well... "The threat is quite simply that people won't use antivirus software on the devices, won't use security software, won't use proper passwords,"

    Alas.. isn't that ALWAYS the problem? Again I ask.. is this really news?

Slashdot Top Deals

"If it ain't broke, don't fix it." - Bert Lantz

Close