[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] Trojan horse rears its head on Palms
From:       William Knowles <wk () C4I ! ORG>
Date:       2000-08-29 5:59:34
[Download RAW message or body]

http://news.cnet.com/news/0-1006-200-2635223.html?tag=st.ne.1002.bgif.ni

By Stephanie Miles
Staff Writer, CNET News.com
August 28, 2000, 1:20 p.m. PT

A software programmer has created the first known Trojan horse for a
Palm, raising questions about a possible downside to the company's
legions of loyal software developers.

A malicious program masquerading as an illegal, but free, version of
the popular gaming application Liberty has been making the rounds of
Palm newsgroups and chat rooms since late last week. The arrival of
the software, which has the potential to wipe out all the programs
stored on the device, is believed to be the first Trojan horse for the
Palm.

There are no reports of damage resulting from the Trojan horse, but
the event marks the first time the handheld computers have been hit
with a major security threat. According to Palm, which is downplaying
the Trojan horse's significance, anyone who executes the malicious
application can reset the device and re-synchronize with data stored
on the PC.

A Trojan horse is a type of code that tricks a computer user into
downloading or installing it by masquerading as legitimate software.
Palm, which has credited its widespread success in the handheld
computer market in part to its legions of third-party software and
hardware developers, has been largely immune to these types of
problems despite the popularity of these applications.

"We're aware that a developer has posted what appears to be a Trojan
horse. Palm does not condone the use of our operating system for
creating or distributing potentially destructive software," said Julia
Rodriguez, a Palm representative, who added that the company is not
warning people about the situation. "We don't see this as a major risk
to the user base."

As devices continue to grow in popularity and move into the
mainstream, analysts say these types of problems may occur more
frequently. Further, because Palms are increasingly used by employees
in the workplace, new viruses have the potential to quickly affect
entire organizations.

Gartner mobile device analyst Ken Dulaney said he wasn't surprised to
hear about the Trojan horse for Palms.

"It's almost a sign of a product becoming a dominant market force," he
said.

Dulaney noted that Palms are quite vulnerable to viruses because of
the popularity of beaming applications and contact information via the
infrared port. "From a security standpoint," he said, "these things
are just wide-open doors."

Antivirus software maker McAfee.com last month released the first
version of its software designed specifically for personal digital
assistants (PDAs). The software maker cited the growing popularity of
PDAs as motivation for creating device-specific antivirus software.

"One of the problems is the intermixing of personal and company data,"
Dulaney said. "Devices like the Palm, which are owned by the
individual but used in the corporation, represent this mass
intermixing of two worlds which are not intended for each other. One's
a highly locked-down environment, and one is use and do whatever you
want until it breaks."

This first Trojan horse is also unusual in that the author is not only
taking credit for writing the software but is also helping to contain
its spread.

Aaron Ardiri is a Palm developer who co-wrote Liberty, a popular
application that emulates Game Boy games for the Palm. Ardiri, who
also actively campaigns against so-called crackers who steal software,
created a destructive Palm application disguised as a free version of
Liberty. Crackers search for methods of breaking security codes for
Palm games and applications, he said, rather than purchasing the
software outright.

Ardiri said the application, which wipes out all programs stored on a
device, was part of another project to create a comprehensive
uninstall application for the Palm. He initially decided to share the
application, which uses the Liberty icon, with a few friends as an
experiment in thwarting crackers tempted to download a free version of
what is normally proprietary software.

However, the exercise backfired when the application was posted to a
Palm developer chat room. Although Ardiri said the software was
available in the chat room for less than an hour, he decided to post
warnings to popular Palm newsgroups, such as PalmStation.com.

"It was one of the products that was never supposed to be run outside
of the workshop," Ardiri said in a phone interview from Sweden. "Doing
this on purpose would have been professional suicide. It's not my
style."

The developer has been flamed on PalmStation and other Palm newsgroups
by people who are skeptical of his story. To date, Palm has received
no reports of anyone affected by the Trojan horse.

"This is rather a large event because it is the first virus-like
program--although it's not a virus, it's a Trojan horse program," said
Hal Schechner, owner of PalmStation, which has posted more than 60
messages about the situation. "In that sense, it's big news."

For his part, Ardiri said he hopes the incident will help people think
twice before downloading unknown applications from Web sites.

"The point I'm trying to make is that people, without even thinking
about what they're doing, are installing software and running it,
which causes problems for everyone," he said.


*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV@SecurityFocus.com with a message body of
"SIGNOFF ISN".

[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic