Computer viruses aimed at handhelds will be even more dangerous than those that attack PCs, a security expert has claimed.
Self-replicating programs with a harmful payload that hide easily could mean a nightmare for the growing PDA market, according to Seth Fogie, a vice president of Airscanner, which develops security software for the Windows Mobile platform.
The benign WinCE4.Duts.A (or "Dust") virus was created as a demonstration of threats against personal digital assistants. However, Fogie noted, such programs could spread stealthily, logging keystrokes on the Pocket PC's keyboard, and sending data stored on handhelds across the Internet.
He demonstrated several malicious tools he has created. The programs only work properly on Pocket PCs with ARM processors, but since those make up the majority of Pocket PC handhelds sold today, it is a serious threat.
Among the tools are a keystroke-logging program, a virtual remote control application that runs undetected, and an FTP server applet that could be modified to run invisibly in the background. Rogue applications of these sorts typically spread as Trojan horse programs when PCs are infected with a virus, and allow their writers to steal or manipulate data.
The Dust virus is only a proof of concept, carrying no malicious code or destructive programming. In fact, the virus actually asks the handheld's owner for permission to install itself, and in Fogie's demo it obeyed when the "no" button was clicked on its dialog box.
Most disturbing is that only a few characters of code need to be changed to force the handheld device to store or run the programs without the user's being aware of them. Only a hard, factory reset that wipes out the device's entire memory will remove the dangerous payload applications.
Fogie's company is developing a software firewall that runs on Pocket PCs. He says that he expects the company to distribute the tool "free for private, non-business users", similar to the ZoneAlarm firewall for Windows.
Also speaking at the conference were virus researcher Sarah Gordon and Yuji Ukai, a software engineer at eEye. Gordon presented her analysis of how magazines and anti-virus companies test anti-virus software. Ukai discovered the LSASS vulnerability in Windows that the many versions of the Sasser worm later exploited.
Coders using the monikers HD Moore and Spoonm demonstrated a tool they created called Metasploit, which Spoonm described as a comprehensive platform for testing various exploits against operating systems and applications. In fact, six new kinds of tools for security professionals were announced at various sessions. Among them are applications designed to circumvent so-called Honeynets, or decoy servers that are used by researchers, and an application that can hide data inside executable applications.