RealTime IT News

A Palm Virus Is Born

In the waning moments of August, major security firms announced the arrival of the very first wireless bug to Palm's handhelds, but it was relatively harmless because it didn't replicate. For that reason, it was not technically labeled a virus.

But Friday, a virus was uncovered that does multiply -- and wreaks havoc.

Dubbed PalmOS/Phage.1325., this hungry new creature quietly infects an application when it is launched. The bug fills the device with a black box, killing the function. It makes it seem as though files have been killed when they really haven't been.

McAfee's Anti Virus Research Team sounded the alarm Friday after a Yahoo! Inc. user reported it.

AVERT officials downplayed the threat, giving the bug a low risk assessment, which is the usual gradation for bugs that are not running rampant through corporate environments as the Melissa e-mail virus did some months ago.

Mere hours after it was reported F-Secure Corp. jumped into action with a remedy -- F-Secure Anti-Virus for Palm -- a protection program which runs on the Palm PDA itself. This utility is available for free download at here.

But the question remains: What could happen if it did get loose?

When the first handheld virus, a Trojan Horse called Liberty, hit the scene last month security experts were not surprised. They knew it was only a matter of time before developers created bugs for personal digital assistants.

Sal Viveros, director of product marketing for McAfee, said then that users should be aware that hackers and virus writers now have a "roadmap" in terms of scripting a malicious code for wireless appliances.

Phage represents another road on that map. Trend Micro's Inc.'s Public Education Director David Perry told InternetNews.com then that the Palm Trojan bug was a milestone in that security specialists are getting a glimpse of what the future might be like if malicious wireless codes come to know full interoperability.

However, Perry said viruses are barely a threat when they are contained before they are unleashed in the wild. Perry also said the handheld community can expect to see more copycats.

"We'd have to get stung pretty bad before we all cracked down and did something about it," Perry said.

Another reason for concern is that PDAs are difficult to check for viruses as they are not hooked up to a main corporate network. This makes virus scanning by network administrators more time consuming.

Readers can find out more about wild and caged or "zoo" viruses here.