Viruses make their stealthy march forwards,
finding newer and newer targets of infection. After the Cabir virus which was
the first to infect mobile phones running the Symbian OS, now we have a virus
for the Pocket PC, running Microsoft PocketPC OS.
The virus is named WinCE4.Dust (or Duts). This virus does nothing harmful —
rather it is a very polite virus, asking you for permission to spread — see
image below:
If the user clicks on Yes in response to the message, the
virus proceeds to infect files — else it quits. The virus seems to have been
written by someone called Ratter, who is part of a hacker group called 29A, who
earlier produced the Cabir virus for mobile phones. Like Cabir, it is a
“proof-of-concept” virus — ie its objective is to demonstrate that
something can be done and not to cause any damage. In fact, the samples of Cabir
and Duts were sent first to anti-virus companies for analysis rather than
released into the wild. In theory, Duts can reach mobile devices by email or the
Internet, through removable memory, by synchronization with a PC or through
Bluetooth.
The virus is also capable of infecting mobile phones running ARM-based version
of PocketPC. In practice, however this is unlikely to happen since it is unable
to spread independently, only infects a limited number of files, and signals its
presence in the system when attempting to propagate However modifying the virus
code to remove the polite request for permission to infect and replacing it by
malicious code is a relatively trivial task.
Peter Theobald, CEO, IT Secure, says “Duts is another illustration of the fact
that the virus problem is just not going to go away — rather it is going to
spread to newer and newer platforms. An effective anti-virus strategy can no
longer be limited to desktops and servers. We have to look at multi-tiered
protection to keep the latest threats at bay”