In the waning moments of August, major security firms announced the arrival
of the very first wireless bug to Palm’s handhelds, but it was relatively
harmless because it didn’t replicate. For that reason, it was not
technically labeled a virus.
But Friday, a virus was uncovered that does multiply — and wreaks havoc.
Dubbed PalmOS/Phage.1325., this hungry new creature quietly infects an
application when it is launched. The bug fills the device with a black box,
killing the function. It makes it seem as though files have been killed when
they really haven’t been.
McAfee’s Anti Virus Research Team
sounded the alarm Friday
after a Yahoo! Inc. user reported it.
AVERT officials downplayed the threat, giving the bug a low risk assessment,
which is the usual gradation for bugs that are not running rampant through
corporate environments as the Melissa e-mail virus did some months ago.
Mere hours after it was reported F-Secure Corp. jumped into action with a remedy — F-Secure Anti-Virus for Palm — a protection program which
runs on the Palm PDA itself. This utility is available for free download at here.
But the question remains: What could happen if it did get loose?
When the first handheld virus, a Trojan Horse called Liberty, hit the scene
last month security experts were not surprised. They knew it was only a
matter of time before developers created bugs for personal digital
assistants.
Sal Viveros, director of product marketing for McAfee, said then that users
should be aware that hackers and virus writers now have a “roadmap” in terms
of scripting a malicious code for wireless appliances.
Phage represents another road on that map. Trend Micro’s Inc.’s Public Education Director David Perry told InternetNews.com then
that the Palm Trojan bug was a milestone in that security specialists are
getting a glimpse of what the future might be like if malicious wireless
codes come to know full interoperability.
However, Perry said viruses are barely a threat when they are contained
before they are unleashed in the wild. Perry also said the handheld
community can expect to see more copycats.
“We’d have to get stung pretty bad before we all cracked down and did
something about it,” Perry said.
Another reason for concern is that PDAs are difficult to check for viruses
as they are not hooked up to a main corporate network. This makes virus
scanning by network administrators more time consuming.
Readers can find out more about wild and caged or “zoo” viruses here.