First Pocket PC Worm - "Win CE4 Dust" http://secunia.com/virus_information/10706/winceduts.a/http://www.trendmicro.com/vinfo/virusencyc...me=WINCE_DUTS.Ahttp://vil.nai.com/vil/content/v_126794.htmhttp://www.sophos.com/virusinfo/analyses/wcedutsa.html
This detection is for a proof of concept file virus written for the PocketPC platform. The virus bears the following characteristics:
* it is coded for ARM CPUs.
* it is a parsitic file infector, appending itself to host files upon infection.
* This is a proof of concept, and is not expected to pose any threat in the wild.
* Infected files increase in size 1,520 bytes.
* Upon infecting a machine, the virus prompts the user as follows, before infection of other files occurs:
Dear User, am I allowed to spread?
The virus also contains other messages in its body:
This code arose from the dust of Permutation City
This is proof of concept code. Also i wanted to make avers happy.The situation when Pocket PC antiviruses detect only EICAR had to end ... http://neowin.net/comments.php?id=22323&category=main
Called WinCE4.Dust, "it infects pocket pc's PE files (ARM) in root (My Device) directory", as the virus author himself noted in a message addressed, probably, to most antivirus laboratories. The virus author, by his nickname Ratter, is part of the famous 29A VX group and created this virus "not meant to spread", just as "a proof of concept code". In order to run, the virus needs a mobile compatible device running Microsoft Windows CE operating system. The virus displays a message box, asking for user's permission to spread to other files. Since Microsoft do not offer hotfixes for Pocket PC and only offer Service Packs through OEM channels, how will this effect end users in the next coming months/years?