A Proof-of-Concept Virus for iPods Running Linux

An anonymous reader writes "Although antivirus companies will probably create a hype saying that iPods are prone to infections, a virus called 'Podloso' is a newly found virus that is just a proof of concept code that can infect iPods running Linux. Once launched, the virus scans the device's hard disk and infects all executable .elf format files. Any attempt to launch these files will cause the virus to display a message on the screen which says, 'You are infected with Oslo the first iPodLinux Virus.'"

Depends on antivirus company

[Ilgaz]

""Although antivirus companies will probably create a hype saying that iPods are prone to infections"

Well, (Eugene) Kaspersky says at viruslist.com blog (http://www.viruslist.com/en/weblog?weblogid=20818 7356):

"Overall, I don't think iViruses will cause serious problems in the future. The iPod world is very different from the PC and smartphone world. Users aren't constantly installing new software and downloading a wide range of files, so that cuts down on the possible infection vectors. And what's there to steal from an iPod? Multimedia files, and that's about all.

So - it was an interesting little puzzle, this proof of concept, but nothing more."

Non-story

[nevali]

This is possibly the biggest waste of a story Slashdot's had in a while.

Not only does it only 'infect' iPods running Linux, but it's not even able to replicate. To call it a virus is stretching the truth, to say the least; it's just a program that trashes your binaries.

Re:Non-story

[nevali]

Well, that's part of the point: the potential for an attack vector on something like an iPod is pretty minimal.

Re:...another "social engineering" virus

[Tim C]

The vast majority of viruses require user intervention to run and infect a machine, and aren't considered news (or at least, not individually). I assume that this one is because it's the first for this particular platform.

Re:What exactly is the point of this article?

[nevali]

It might be a big WTF, but what's the alternative? Effectively put everything in its own sandbox? The problem is that your files are created and accessed by the very same programs you want to restrict access: without that access, both the programs and the files are useless. If you get into the explicit-permission game, you end up with something like UAC or Java's sandboxing permissions--neither of which have exactly set the world on fire. Essentially it boils down to this: what good's a text editor that can't edit your files, or a file manager that can't open, rename, move, copy or delete your files? Where's the line between programs which can do things and programs which can't? What determines trusted versus untrusted? Is it digital signatures? If so, who issues them? (And with that we're heading rapidly towards TCPA and friends to ensure the validity of the signatures on all of your binaries, including the kernel and drivers).

Personally, I'd rather have an OS in which programs _I_ run can access _my_ files, whereas programs other people run can't, than have an OS where programs I run have to be whitelisted to function properly and I either get really lax about the whitelisting and allow everything that seems like it /might/ be OK to access my stuff, or spend all my time tuning and verifying the permissions for programs and no time at all actually using the things and getting anything done.

It's not .elf it's *ELF*

[cculianu]

The file format is called ELF, the executable and linking format. Not .elf. It isn't a file extension. This isn't windows. Bah.

Re:...another "social engineering" virus

[LordLucless]

The vast majority of viruses require user intervention to run and infect a machine, and aren't considered news (or at least, not individually).

The most damaging (and thus, most reported) viruses don't. I believe the NetBlaster and RedAlert were actual viruses, and spread by vulnerabilities in services enabled by default on standard windows builds.

Re:Non-story

[timmyf2371]

But isn't this what viruses (virii?) were like back in the day, before the days of the internet and widespread connectivity? The first viruses were more interested in deleting files and executables and could only be spread by floppy disks.

Sure, compared to modern-day viruses, which have (d)evolved into almost worm-like behavious, emailing all and sundry in an address book and generally causing mayhem, it's just a tad boring, but I would say it could definitely be classed as a virus - in the same way a Lada could be classed as a car.

Re:...another "social engineering" virus

[H3g3m0n]

Technically these are considered worms, as they actively self propagate, they seek out vulnerabilities in other systems and infect them. Viruses on the other hand attach to similar files and require the user to transfer the file and execute it on another system having a passive attack vector. I'm not sure i would count the iPod Linux virus as a virus as it would have to be able to infect other iPods somehow, if it can't infect other iPods then its really just malicious code. Granted you can take the binary files from one iPod and put it on another but thats not likely to happen meaning it has basically no self propagation.