Bug Targeting Hand-Held Devices Was Short-Lived

[InfoSec News <isn () C4I ORG>]

http://www.latimes.com/business/20000830/t000081534.html

Wednesday, August 30, 2000
By CHARLES PILLER, Times Staff Writer

SAN FRANCISCO--It might be a dubious distinction, but the Palm
hand-held computer has finally become popular enough to be targeted by
a malicious software program.

Experts warned consumers Tuesday about the first such software
assault--a program that masquerades as a video game, but once played
begins to delete other software programs on the wildly popular Palm or
Handspring Visor devices.

However, the threat was short-lived and few users were affected by the
destructive software, which unlike a computer virus does not
reproduce.

Apparently as news spread of the bogus software, it was removed from
the Web by those who had posted it.

"It's not in circulation, and no one in the world is experiencing
trouble with this anywhere," said David Perry, public education
director of Trend Micro, an anti-virus software maker in Cupertino,
Calif.

The bogus program has been dubbed "Palm_Liberty.A" or "Liberty Crack."
It was named after Liberty, a popular Palm program, made by Gambit
Studios, that lets users download and then play games made for the
Nintendo GameBoy hand-held computer.

But the malicious virus software was briefly available through
Internet Relay Chat--a popular Internet communications network--and on
a number of Web sites that supply game software. Once transferred from
a desktop computer to a Palm or Visor and run, it deletes
supplementary programs on the user's device, such as Web browsers,
maps, wine-tasting evaluation software and such. But the virus left
address book, calendar and other basic programs intact.

However, anti-virus experts believe that the episode is likely to be
repeated as Palm-like devices increase their popularity--following a
pattern seen with PCs more than a decade ago.

"This is more important as a proof of concept--of what can be done
with Trojan horses and viruses on these [hand-held] machines," said
Vincent Weafer, director of Cupertino-based Symantec's Corp.'s
anti-virus research team. Until now, destructive attacks on hand-held
computers were known to be possible but had been demonstrated only in
labs, Weafer added. This is the first case of a harmful piece of
software "in the wild."

Several anti-virus companies offer software that detects and removes
the program from a PC; users then plug in their hand-held computer
with the PC to wipe out malicious software from the hand-held device.
But according to Perry, no one is distributing the harmful software
any longer.

The incident, however, is one in a series that suggests the problems
of PC software attacks will move to the wireless world. In recent
weeks, software vandals caused Japanese mobile phones to spontaneously
dial emergency numbers; in another case, the text-messaging network
for cell phones in Germany was flooded with bogus messages.

The Palm case might ironically have been an accident.

"The whole purpose of my research was to investigate anti-cracking,
and assist developers [to] stop cracking," said Aaron Ardiri, a
Swedish software developer who also teaches at the University of Gavle
in Sweden.

Ardiri said he created Liberty Crack to sweep off unwanted
programs--such as those that might be planted by actual
crackers--without harming a user's data, and he gave an early version
to several of his friends.

Ardiri said he decided not to release it because it might cause harm,
but he said a friend posted it on an Internet Relay Chat channel
without his knowledge.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".