 First Pocket PC Worm - "Win CE4 Dust" |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.  |
  Jul 17 2004, 03:47 PM
Post
#1
|
|
 Security Reporter  Group: Members Posts: 509 Joined: 10-April 04 From: Roanoke, Virginia Member No.: 107  |
http://secunia.com/virus_information/10706/winceduts.a/ http://www.trendmicro.com/vinfo/virusencyc...me=WINCE_DUTS.A http://vil.nai.com/vil/content/v_126794.htm http://www.sophos.com/virusinfo/analyses/wcedutsa.html This detection is for a proof of concept file virus written for the PocketPC platform. The virus bears the following characteristics: * it is coded for ARM CPUs. * it is a parsitic file infector, appending itself to host files upon infection. * This is a proof of concept, and is not expected to pose any threat in the wild. * Infected files increase in size 1,520 bytes. * Upon infecting a machine, the virus prompts the user as follows, before infection of other files occurs: Dear User, am I allowed to spread? The virus also contains other messages in its body: This code arose from the dust of Permutation City This is proof of concept code. Also i wanted to make avers happy.The situation when Pocket PC antiviruses detect only EICAR had to end ... http://neowin.net/comments.php?id=22323&category=main Called WinCE4.Dust, "it infects pocket pc's PE files (ARM) in root (My Device) directory", as the virus author himself noted in a message addressed, probably, to most antivirus laboratories. The virus author, by his nickname Ratter, is part of the famous 29A VX group and created this virus "not meant to spread", just as "a proof of concept code". In order to run, the virus needs a mobile compatible device running Microsoft Windows CE operating system. The virus displays a message box, asking for user's permission to spread to other files. Since Microsoft do not offer hotfixes for Pocket PC and only offer Service Packs through OEM channels, how will this effect end users in the next coming months/years? -------------------- |
 |
 
|
|
Jul 18 2004, 08:33 AM
Post
#2
|
|
 Guru at being a Newbie Group: Malware Response Team Posts: 5,982 Joined: 8-April 04 Member No.: 96 |
Kaspersky Labs has a news release out about this also:
http://www.kaspersky.com/news?id=150527920 Curious to me that Ratter, the virus author, calls it Dust but all the AV companies call it Duts .
Attached File(s)
-------------------- And I may be obliged to defend
Every love every ending Or maybe there's no obligations now, Maybe I've a reason to believe We all will be received In Graceland--Paul Simon |
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 18th March 2010 - 08:46 AM |
© 2003-2010 All Rights Reserved Bleeping Computer LLC.