RealTime IT News

Rivals Rush to Crush Trojan Horse Wireless Bug

Two rival virus protection firms arrived at conclusions to the same wireless bug Tuesday with the introduction of solutions to the Trojan Horse, known as "PalmOS/LibertyCrack."

McAfee appears to have beaten Trend Micro Inc. to the punch, announcing the availability of its VirusScan Wireless tool Monday night. Its competitor trumpeted its solutions a couple hours into Tuesday morning.

The bug, discovered this past Saturday, disguises itself on Web sites as an enabler for a popular gaming application called "Liberty." When users run what they think is access software for the full version of the game, they are infected with the Trojan. Once infected, all applications on the users' personal digital assistant's are deleted.

Sal Viveros, director of product marketing for McAfee, confirmed that because the bug did not spread from e-mail server to e-mail server or network to network, it remains low risk; it devoured only the applets on the device on which it was downloaded.

However, Viveros said users should be aware that hackers and virus writers now have a "roadmap" in terms of scripting a malicious code for wireless appliances.

"Unfortunately, there is now a blueprint for other code writers to do a concept virus like this," Viveros told InternetNews.com Tuesday afternoon. "Now we have to worry about copycats just as we did for the Melissa virus. And, with handhelds, people don't always scan for viruses, so there is an entry point left open."

"We'll be keeping a close eye out now for copycats," Viveros said."

Trend Micro, too, downplayed the bug in a company press statement, saying that although users had complained of the bug via Internet Relay Channels, the firm considered it to be a "very low risk."

Still, that did not stop Trend Micro from issuing the following cautionary advisory.

"It is not clear at this time if the Palm_Liberty.A trojan is targeting specific versions of the Palm OS," the statement said. "Because of this Trend Micro advises all Palm Pilot and Handspring users to exercise extreme caution when downloading programs over the Internet."

Trend Micro's Public Education Director David Perry told InternetNews.com Tuesday the Trojan was actually a bug and not a virus because it doesn't replicate.

"What we try to do is not wait for things to get to the PC -- that's not good enough anymore," Perry explained. "We want to get to bugs before they enter the organization -- pre-proxy, pre-firewall, and pre-gateway."

Perry said the Palm Trojan bug was a milestone in that security specialists are getting a glimpse of what the future might be like if malicious wireless codes come to know full interoperability.

"We'd have to get stung pretty bad before we all cracked down and did something about it," Perry said. "But with this new bug I'd be willing to bet money that it won't appear anywhere else because people have to actually download it and now everyone is aware."

Trend Micro said users may restore infected Palm devices using the HotSync manager by setting the System conduit to "Desktop overwrites Handheld."

While McAfee has one clear-cut answer with its VirusScan Wireless tool, Trend Micro has created updated virus pattern file No. 764 to detect and clean this Trojan and has released it here.

Trend Micro offers a protection suite, including security for the Internet gateway and at the desktop with Update InterScan® VirusWall® and Update OfficeScan™ Corporate Edition, respectively.

For home and mobile users, there is Update PC-cillin® Trend Micro's consumer desktop answer and Use HouseCall™, Trend Micro's free online virus scanner at to detect and delete this Trojan.

McAfee, a Network A