Forgot your password?
typodupeerror
Media (Apple) Media Security Software Linux

A Proof-of-Concept Virus for iPods Running Linux 170

Posted by CowboyNeal
from the fish-in-a-barrel dept.
An anonymous reader writes "Although antivirus companies will probably create a hype saying that iPods are prone to infections, a virus called 'Podloso' is a newly found virus that is just a proof of concept code that can infect iPods running Linux. Once launched, the virus scans the device's hard disk and infects all executable .elf format files. Any attempt to launch these files will cause the virus to display a message on the screen which says, 'You are infected with Oslo the first iPodLinux Virus.'"
This discussion has been archived. No new comments can be posted.

A Proof-of-Concept Virus for iPods Running Linux

Comments Filter:
  • Hear that? (Score:4, Funny)

    by despik (691728) on Friday April 06, 2007 @07:24AM (#18632427) Homepage

    It's the sound of all the real virus authors collectively spinning in their coffins/cells/cubicles.

    • by Anonymous Coward on Friday April 06, 2007 @08:04AM (#18632627)
      Let's see... To infect your ipod with this virus, you first you have to install Linux. Then you have to install the virus. Then you have to run the virus.

      Oo. I'm scared.

      Now, if you really want to cause panic and terror among ipod users, come up with something that will either replace the DRM on unprotected tracks after they start selling them or something that recodes all your tunes into WMA format.
      • Re: (Score:3, Insightful)

        by tomhudson (43916)

        You forgot - "then ou have to save the virus to the ipod"

        The article goes on to say it can't propagate itself ... all it can do is corrupt files. That's not a virus.

        • Re: (Score:1, Funny)

          by Anonymous Coward
          This is a viral comment, which propagates by asking nicely. Please repost this comment in other discussions.
        • by mjpaci (33725) *
          George Ou? He couldn't save himself out of a paper bag. (Whatever that means)
      • by tverbeek (457094)
        Viruses based on this technology are clearly poised to wipe out our consumer electronics monoculture. iPods running Linux are virtually everwhere, so if this pathogen escapes into the wild, all that will be left unscathed are the TiVos running Mac OS and the Xboxen running Windows!
    • ...just creating viruses that actually did something useful, like making money? Why do people feel the need to be so destructive?
    • It's the sound of all the real virus authors collectively spinning in their coffins/cells/cubicles.

      Actualy it's them all rolling on the floor laughing. The article states it only infects iPods which are running Linux. This has a chance of rampaging through the monoculture of Linux iPods at the same rate as a virus which only runs on an Altair S100 bus based machine. Getting from machine to machine to machine is a problem due to lack of connectivity and the very low chance a machine finding another to inf
  • by that this is not und (1026860) on Friday April 06, 2007 @07:25AM (#18632429)
    Next, I will write a 'virus' that attacks Macintosh SE/30's running NetBSD!
    • Re: (Score:2, Funny)

      by Anonymous Coward
      Next, I will write a 'virus' that attacks Macintosh SE/30's running NetBSD!

      Holy sh*t!! Unplug the Mac, unplug the Mac! So much for my security through obscurity!!!
    • by Virgil Tibbs (999791) on Friday April 06, 2007 @11:01AM (#18634331) Homepage
      what about a virus for W32 systems which wipes the OS, saves the user files and proceeds to install ubuntu?

      I'd let it infect me over and over again...
      • what about a virus for W32 systems which wipes the OS, saves the user files and proceeds to install ubuntu?

        I'd let it infect me over and over again...
        Isn't a virus (or we could call it a bacterial infection for fun), by definition, malicious? So then this wouldn't be a bacterial infection jumping around, it would be a self-replicating godsend antibiotic that cures all illness.
  • by hcmtnbiker (925661) on Friday April 06, 2007 @07:29AM (#18632451)
    FTA: Podloso cannot be launched automatically without user involvement.

    I always find it amusing when a virus that requires the user to activate it is considered news. By definition it's more social engineering then a vulnerability. If people weren't so stupid I assume nearly 100% of all computer virus' wouldn't exist, or wouldn't be a problem.
    • by Tim C (15259) on Friday April 06, 2007 @07:55AM (#18632579)
      The vast majority of viruses require user intervention to run and infect a machine, and aren't considered news (or at least, not individually). I assume that this one is because it's the first for this particular platform.
      • by LordLucless (582312) on Friday April 06, 2007 @08:42AM (#18632835)
        The vast majority of viruses require user intervention to run and infect a machine, and aren't considered news (or at least, not individually).

        The most damaging (and thus, most reported) viruses don't. I believe the NetBlaster and RedAlert were actual viruses, and spread by vulnerabilities in services enabled by default on standard windows builds.
        • by H3g3m0n (642800) on Friday April 06, 2007 @09:14AM (#18633097) Homepage Journal
          Technically these are considered worms, as they actively self propagate, they seek out vulnerabilities in other systems and infect them. Viruses on the other hand attach to similar files and require the user to transfer the file and execute it on another system having a passive attack vector. I'm not sure i would count the iPod Linux virus as a virus as it would have to be able to infect other iPods somehow, if it can't infect other iPods then its really just malicious code. Granted you can take the binary files from one iPod and put it on another but thats not likely to happen meaning it has basically no self propagation.
      • by sootman (158191) on Friday April 06, 2007 @10:17AM (#18633757) Homepage Journal
        But it shouldn't be news. Anything that can run code, can run malicious code. It's only worth mentioning if there's a chance that a user will a) obtain and b) run the code without knowing it's malicious. If the virus were hidden in a song and could be executed just by being played, that would be news.

        Oh, and look: it was discovered by a company that makes antivirus software. [kaspersky.com] Wow, what are the odds that an antivirus company would be the first to discover and publicize a virus that runs on what might be called the least-adopted platform ever in history? I'd bet my next paycheck that somewhere there's a connection between an employee of that company and the author of this "virus"--and not just a six-degrees kind of link, I mean a real, substantial link.

        Antivirus exec: "Well, in six years, we haven't been able to convince anyone that OS X is insecure. Despite our efforts, there hasn't been a single in-the-wild, self-replicating virus for that platform. What should we try next?"
        Underling: "Maybe try spreading FUD about iPods?"
        Antivirus exec: "Brilliant!"
    • by b1ufox (987621)
      I always find it amusing when a virus that requires the user to activate it is considered news. By definition it's more social engineering then a vulnerability

      Right.But most of the viruses(in reference to Windows), infected EXEs can harm your PC only if you execute them.Isn't this a kind of user involvement? Ironically if you don't run some XYZ untrusted EXE, you don't mess it up..simple. If you run it, thinking your AntiVirus will save you all the times, then sorry you are in soup.Not always you 'll be s

      • by mdozturk (973065)
        there are some emails going around that take you to a website with nude pictures of britney spears. Go to that website and just let your pc download the pictures on the site. Let me know how that goes. Remember don't double click on any exe files.

        You also might want to read this site: http://www.microsoft.com/technet/security/advisory /935423.mspx [microsoft.com]

        • by jedidiah (1196)
          This counterargument depends entirely of the more-stupid-than-the-industry-norm security practices of Microsoft. If they weren't intent on creating entirely new forms of virus that were considered absurd notions in the past (like email viruses), something like this would not even be barely interesting.

          Oh look, some weenie re-invented the link virus.

          Big fat hair deal.
    • I always find it amusing when a virus that requires the user to activate it is considered news.

      By that definition, rm -rf / would be considered a virus.

      • by Lavene (1025400)

        By that definition, rm -rf / would be considered a virus.

        Oh but it is! It's inherited by the 'stupidity' virus...
    • by brunascle (994197)
      agreed.

      i dont even think we should use the word "virus" for something like that. after all, a real-life biological virus spreads itself and generally starts reaking havoc without the host having to do anything after contracting it.

      this would be more like a "poisoning", like if you poured poison into someone's coffee.
    • by rucs_hack (784150)
      It's not a virus.

      If it were capable of self propagating it would fit the usual meaning of computer virus. As it is it's only able to run with the help of a user, and they also have to copy it onto ipodlinux. Well, the same is true for all podzilla plugins.

      Given that anyone likely to use ipodlinux is also likely to be savvy enough to think about what they are doing, this is a pretty pointless piece of code.

      Perhaps 'malware plugin'?
  • by Ilgaz (86384) on Friday April 06, 2007 @07:30AM (#18632455) Homepage
    ""Although antivirus companies will probably create a hype saying that iPods are prone to infections"

    Well, (Eugene) Kaspersky says at viruslist.com blog (http://www.viruslist.com/en/weblog?weblogid=20818 7356):

    "Overall, I don't think iViruses will cause serious problems in the future. The iPod world is very different from the PC and smartphone world. Users aren't constantly installing new software and downloading a wide range of files, so that cuts down on the possible infection vectors. And what's there to steal from an iPod? Multimedia files, and that's about all.

    So - it was an interesting little puzzle, this proof of concept, but nothing more."

    • by necro81 (917438) on Friday April 06, 2007 @09:00AM (#18632995) Journal
      There can be more information to steal on an iPod than just multimedia. iPods have, for quite a while, been able to store contacts, notes, and calendars, typical PIM stuff. There might be something of value in those. On the other hand, if one were to craft a virus for the new iPhone, there definitely could be some malicious value in that, because it stores more information, accesses email and the internet, and is continuously connected to the outside world. On the other hand, the iPhone is a totally different beast than the iPod (and Linux-on-iPod), and will undoubtedly be a much tougher nut to crack.
    • Don't speak, or quote, too soon. Coupla points. 1. Increasingly, people are using these devices to store more than just mp3s. Pictures & video may not be just stuff ripped off the net - wanna see your family pics, or intimate videos, get posted or otherwise abused? More sensitive still, many people store files, (including dictation) on these devices. My brother in law is a lawyer; I spent a *long* time explaining to him what was so potentially dangerous in what he did with new technology. 2. Remem
  • Legality? (Score:2, Funny)

    by Anonymous Coward
    What are the licensing terms associated with this virus? GPL? BSD?
  • Non-story (Score:5, Informative)

    by nevali (942731) on Friday April 06, 2007 @07:31AM (#18632461) Homepage
    This is possibly the biggest waste of a story Slashdot's had in a while.

    Not only does it only 'infect' iPods running Linux, but it's not even able to replicate. To call it a virus is stretching the truth, to say the least; it's just a program that trashes your binaries.
    • How would it replicate? One iPod 'squirting' it at another iPod? That sounds more like a Zune-disease... Still, I keep my iPod in its woolly iSock, so it won't catch a cold.
    • Re:Non-story (Score:4, Informative)

      by timmyf2371 (586051) on Friday April 06, 2007 @08:49AM (#18632895)
      But isn't this what viruses (virii?) were like back in the day, before the days of the internet and widespread connectivity? The first viruses were more interested in deleting files and executables and could only be spread by floppy disks.

      Sure, compared to modern-day viruses, which have (d)evolved into almost worm-like behavious, emailing all and sundry in an address book and generally causing mayhem, it's just a tad boring, but I would say it could definitely be classed as a virus - in the same way a Lada could be classed as a car.
      • by nevali (942731)
        Yes, this is certainly true. I recall colleges getting widespread infections of viruses thanks to students running infected programs from floppies, which then remained in memory and infected any programs on any disks that were later inserted until the machine was rebooted (or until it was cleaned, if it had a hard disk).

        The thing is, though, that's not how software gets distributed any more: the way things work in the iPodLinux world means that it's a lot harder for you to get infected in the first place, a
    • by eli pabst (948845)
      Not only does it only 'infect' iPods running Linux, but it's not even able to replicate. To call it a virus is stretching the truth, to say the least; it's just a program that trashes your binaries.

      By definition that's what a virus is. The fact that it appends copies of itself to elf files *is* replication. If it had the ability to self propagate then it would be a worm. Viruses are by definition file infectors.

      The only reason it's news is because this virus infects ipods. Anytime you have a new vi
  • Thank Goodness (Score:3, Interesting)

    by Spackler (223562) on Friday April 06, 2007 @07:34AM (#18632479) Journal
    "You are infected with Oslo the first iPodLinux Virus."

    I would like to thank the developers of this virus. For too long, I have been enjoying hacking my iPod. It is good that someone is out there attempting to stop that by ruining my property.

    Really, now on to the real discussion. Can someone explain the motivation? I actually do not understand why someone would waste their time to write a virus. The only type I do understand is the bot net stuff, and that is motivated by money. Heck, if I can take over 5000 computers and sell the work they can do in mass spam or something, at least the writer is attempting to make money. Why write something like this though? If they spent the same time writing real code, they would make money. If they did it for a different organization, they could help the Red Cross with their IT stuff, or a hospital. Why the fsck do this crap?

    Malcontent? Antisocial? What the heck drives these people?
    • Re: (Score:2, Insightful)

      by operato (782224)
      for the fun of it and because they can. that's what happens when you give people choice. surely the matrix taught you that.
    • Re:Thank Goodness (Score:5, Insightful)

      by J0nne (924579) on Friday April 06, 2007 @07:47AM (#18632533)
      It's for the same reason people install Linux on their iPods in the first place: because they can.
    • Re:Thank Goodness (Score:5, Interesting)

      by someone1234 (830754) on Friday April 06, 2007 @07:49AM (#18632549)
      Creating pseudo-life? Hell, 20 years ago i was very happy when my exe header virus first infected one of my files :) It was definitely more satisfying than hacking away on some j2ee shit.
    • Re: (Score:3, Insightful)

      by CDarklock (869868)
      I used to run a moderately sized VX (virus exchange) board. There are three main reasons people write viruses.

      1. Because they're fascinating. It was interesting to see what kind of things you could make a virus do. For people like this - which included me - the game was to write a virus that more effectively reproduced, evolved, and evaded detection in a smaller space. You can spot viruses written for this reason because THERE IS NO PAYLOAD. It doesn't break anything. It's an academic exercise. We DON'T CAR
    • Can someone explain the motivation?

      I'm guessing there are a couple of 12-year-old Norweigan kids who are jerking each other off right about now, from seeing their dipshit virus make Slashdot.
  • by ValiSystem (845610) on Friday April 06, 2007 @07:49AM (#18632551)
    Hey, i made a multi platform virus that can infect almost any existing computer. And it's easy to spread : just compile following code : #include "stdio.h" int main (void) { printf("YOU ARE INFECTED BY ULTRAdOOM NExT gen, F3AR THE L0RD !!\n"); exit 0; } Launch and here you are ! (yes, i know, i should have posted that on my blog and write a story for Slashdot)
    • No, no, no! Wrong! That should go

      #include
      using namespace std;
      int main (int argc, char* argv[]) {
          cout "YOU ARE INFECTED BY ULTRAdOOM NExT gen, F3AR THE L0RD !!" endl;
          exit 0;
      }

      In what times do ya live? C++ was yesterday, C is almost ancient! How can you call this fossil "next-gen"!?
      • by cculianu (183926)
        Um, most software is written in C++. And a lot of other code out there is in C. The Linux kernel being one of them.

        No, C is not ancient, and C++ is very much alive. In fact, it might be one of the most popular languages on the planet.

    • Hey, i made a multi platform virus that can infect almost any existing computer. And it's easy to spread : just compile following code :

      #include "stdio.h"
      int main (void) {
      printf("YOU ARE INFECTED BY ULTRAdOOM NExT gen, F3AR THE L0RD !!\n");
      exit 0;
      }

      Launch and here you are ! (yes, i know, i should have posted that on my blog and write a story for Slashdot)

      Hmmm, I don't think it will spread too easily by the means you mention. That code won't compile ;-).

      • by Tony Hoyle (11698)
        It will on a lot of compilers... checking argc,argv for main is a later addition. It's wrong, but it'll often compile.

        There are still books out there that write main(void) and main() - only crappy ones though.

        A bigger problem is the #include, which will look in the current directory rather than the system directory. Should be using %ltstdio.h%gt not "stdio.h"

        Oh and exit should be return, but I guess that's just a typo.

        (the c++ version used that spawn of the devil statement 'using namespace std;'.. ffs don
  • by DrXym (126579) on Friday April 06, 2007 @07:51AM (#18632563)
    Amongst the 8 people running Linux on their iPods.
  • by dw604 (900995)
    User runs program that is installed... how is this news at all?
  • by FinchWorld (845331) on Friday April 06, 2007 @08:09AM (#18632663) Homepage
    iPod - £90 to £250

    iPod Linux - Free

    Knowledge and desire to install linux on your MP3 Player - Your social life

    Having been smart enough to install Linux on your iPod then go out of your way to install a virus - Priceless

    For everything else theres run of the mill idiots.

  • Question (Score:5, Insightful)

    by Rogerborg (306625) on Friday April 06, 2007 @08:11AM (#18632671) Homepage

    What is the intersection between people who're smart enough to have installed Linux on their iPods, and people stupid enough to run a random executable?

    Would anyone in that set like to make themselves known? Anyone? Don't be shy; anyone at all?

    Didn't think so.

  • by Anonymous Coward
    "A Proof-of-Concept Virus for iPods Running Linux"

    a) It's not a virus.*
    b) It's not iPod-specific, it could run on other Linuces as well.
    c) The method isn't Linux-specific, would work on almost any OS.
    So what we have here is, a proof of what concept exactly?

    * Granted, that on all currently popular OS's any executable you launch can touch all the files you yourself can, is in itself a big WTF. But we know that, so we don't launch untrusted executables.
    • Re: (Score:2, Informative)

      by nevali (942731)
      It might be a big WTF, but what's the alternative? Effectively put everything in its own sandbox? The problem is that your files are created and accessed by the very same programs you want to restrict access: without that access, both the programs and the files are useless. If you get into the explicit-permission game, you end up with something like UAC or Java's sandboxing permissions--neither of which have exactly set the world on fire. Essentially it boils down to this: what good's a text editor that can
  • by krkhan (1071096) on Friday April 06, 2007 @08:22AM (#18632727) Homepage
    Here's a much simpler virus which wrecks havoc 'once launched':

    echo "You're being infected with the Idiotisco, the second most stupid Linux virus"
    rm -rf ~
    The Idiotisco virus is a 'proof of concept' that any moron running Linux can set executable bit on a file and run it to damage his system.

    Disclaimer: The source code of Idiotisco virus is disclosed only for educational purposes. I will not be held responsible if it makes your system bleed or gets you fired from your job.
  • by cculianu (183926) on Friday April 06, 2007 @08:35AM (#18632793) Homepage
    The file format is called ELF, the executable and linking format. Not .elf. It isn't a file extension. This isn't windows. Bah.

    • As someone who has contributed more than a few patches to iPodLinux, you may be interested in knowing that using Cygwin to generate the userland (used to) create binaries with a .elf extension. The extension isn't needed; it's just the way that the Cygwin toolchain ended up naming them.
  • I hope somebody didn't spend time making this...
  • It infects elf files? This is obviously the work of dwarves.
  • by ScrewMaster (602015) on Friday April 06, 2007 @08:40AM (#18632823)
    Once launched, the virus scans the device's hard disk and infects all executable .elf format files.

    As an Orc myself, I'd have to say that all Elves are considered executable.
    • by funaho (42567)
      Those freakin' elves...they came out of the trees man...they came out of the TREES.

      With apologies to Family Guy because I no doubt have butchered the quote a bit. It's still early here. :)
    • Re: (Score:1, Funny)

      by Anonymous Coward
      Mod parent Troll?
    • As an Orc myself, I'd have to say that all Elves are considered executable.
      Night Elf, or Blood Elf?
  • i know a virus even more powerfull that this one, that infect all Linux Distributions, it's called shred, just try to type shred /* and wait for the result :X
  • As you have to manually install Linux in the first place I can't see this effecting many people.
  • to the clever bastard who wrote this virus and is probably reading about it here. Nice job.
  • Wasn't the Morris Worm a proof of concept? I am not saying that this virus will have the same results just that sometimes it is a good idea to remember the past.

    http://en.wikipedia.org/wiki/Morris_Worm [wikipedia.org]
  • If you clicked on the exe, it put up a message that said "Hello World"
  • Does iPod GNU/Linux induces the user to run as superuser?
  • Any chance this project was funded by Symantec or any of the other companies that will now market an iPod version of their security products?
  • by ettlz (639203)
    So what? There are viruses out there for the HP 48. Make something flexible enough, and someone will distort it.
  • Now *THAT* should propagate like mad in the wild....

    (sarcastic mode: off)
  • Are iPods running Linux really "iPods" anymore? Might as well say there's this cursor virus that infects Macs booted into Windows.

    A more accurate title would be "virus that affects some versions of Linux."
  • Hmmm. I wonder who would take the time to write it? I would not be surprised to see that it came from Apple as a way of telling others to not chance loading Linux on it. Or would it be by MS to discourage any Linux devices.
  • So how many devices are vulnerable to this? About 12 or so?
  • Gee.. more fud.
    If you install Unix you should configure proper security, don't just run it out of the box!
    I flashed my Ipod so I can play ogg format files. It's been running Liunux for three years.
    No problem man!

    Fud Fud Fud Fud Fu$%ing Fud
  • can't replicate, can't launch automatically and "user has to save the virus to the iPod memory for the device to become infected" Why not just format the ipod and save yourself a lot of dicking around?

    Wake me up when you get root, lamer.
  • I heard that the virus had already infected BOTH IPods that are running Linux.

Never test for an error condition you don't know how to handle. -- Steinbach

Working...