A Proof-of-Concept Virus for iPods Running Linux

An anonymous reader writes "Although antivirus companies will probably create a hype saying that iPods are prone to infections, a virus called 'Podloso' is a newly found virus that is just a proof of concept code that can infect iPods running Linux. Once launched, the virus scans the device's hard disk and infects all executable .elf format files. Any attempt to launch these files will cause the virus to display a message on the screen which says, 'You are infected with Oslo the first iPodLinux Virus.'"

Hear that?

[despik]

It's the sound of all the real virus authors collectively spinning in their coffins/cells/cubicles.

Re:Hear that?

[Anonymous Coward]

Let's see... To infect your ipod with this virus, you first you have to install Linux. Then you have to install the virus. Then you have to run the virus.

Oo. I'm scared.

Now, if you really want to cause panic and terror among ipod users, come up with something that will either replace the DRM on unprotected tracks after they start selling them or something that recodes all your tunes into WMA format.

Re:

[tomhudson]

You forgot - "then ou have to save the virus to the ipod"

The article goes on to say it can't propagate itself ... all it can do is corrupt files. That's not a virus.

Re:

[Anonymous Coward]

This is a viral comment, which propagates by asking nicely. Please repost this comment in other discussions.

Re:

[mjpaci]

George Ou? He couldn't save himself out of a paper bag. (Whatever that means)

Re:

[tverbeek]

Viruses based on this technology are clearly poised to wipe out our consumer electronics monoculture. iPods running Linux are virtually everwhere, so if this pathogen escapes into the wild, all that will be left unscathed are the TiVos running Mac OS and the Xboxen running Windows!

Whatever happened to...

[grnrckt94]

...just creating viruses that actually did something useful, like making money? Why do people feel the need to be so destructive?

Re:Whatever happened to...

[RDW]

How about a Zune virus that strips the DRM from the tracks on the infected machine and 'squirts' itself to all the other Zunes within wireless range? Think about it, if such a virus were released today the number of infections could soar into double figures by the end of the decade!

Re:

[The Ultimate Fartkno]

I'm pretty sure that's how the whole "Macarena" thing got started.

Re:Whatever happened to...

[Anonymous Coward]

I think this raises the question of which group has larger numbers. Is it iPods with Linux on them or Zunes?

Re:

[Technician]

It's the sound of all the real virus authors collectively spinning in their coffins/cells/cubicles.

Actualy it's them all rolling on the floor laughing. The article states it only infects iPods which are running Linux. This has a chance of rampaging through the monoculture of Linux iPods at the same rate as a virus which only runs on an Altair S100 bus based machine. Getting from machine to machine to machine is a problem due to lack of connectivity and the very low chance a machine finding another to inf

I know! I know!

[that this is not und]

Next, I will write a 'virus' that attacks Macintosh SE/30's running NetBSD!

Re:

[Anonymous Coward]

Next, I will write a 'virus' that attacks Macintosh SE/30's running NetBSD!

Holy sh*t!! Unplug the Mac, unplug the Mac! So much for my security through obscurity!!!

Re:I know! I know!

[Virgil Tibbs]

what about a virus for W32 systems which wipes the OS, saves the user files and proceeds to install ubuntu?

I'd let it infect me over and over again...

Re:

[electrosoccertux]

what about a virus for W32 systems which wipes the OS, saves the user files and proceeds to install ubuntu?

I'd let it infect me over and over again...

Isn't a virus (or we could call it a bacterial infection for fun), by definition, malicious? So then this wouldn't be a bacterial infection jumping around, it would be a self-replicating godsend antibiotic that cures all illness.

...another "social engineering" virus

[hcmtnbiker]

FTA: Podloso cannot be launched automatically without user involvement.

I always find it amusing when a virus that requires the user to activate it is considered news. By definition it's more social engineering then a vulnerability. If people weren't so stupid I assume nearly 100% of all computer virus' wouldn't exist, or wouldn't be a problem.

Re:...another "social engineering" virus

[Tim C]

The vast majority of viruses require user intervention to run and infect a machine, and aren't considered news (or at least, not individually). I assume that this one is because it's the first for this particular platform.

Re:...another "social engineering" virus

[LordLucless]

The vast majority of viruses require user intervention to run and infect a machine, and aren't considered news (or at least, not individually).

The most damaging (and thus, most reported) viruses don't. I believe the NetBlaster and RedAlert were actual viruses, and spread by vulnerabilities in services enabled by default on standard windows builds.

Re:...another "social engineering" virus

[H3g3m0n]

Technically these are considered worms, as they actively self propagate, they seek out vulnerabilities in other systems and infect them. Viruses on the other hand attach to similar files and require the user to transfer the file and execute it on another system having a passive attack vector. I'm not sure i would count the iPod Linux virus as a virus as it would have to be able to infect other iPods somehow, if it can't infect other iPods then its really just malicious code. Granted you can take the binary files from one iPod and put it on another but thats not likely to happen meaning it has basically no self propagation.

Re:

[Anonymous Coward]

Check links before you speak, thanks.

Re:...another "social engineering" virus

[sootman]

But it shouldn't be news. Anything that can run code, can run malicious code. It's only worth mentioning if there's a chance that a user will a) obtain and b) run the code without knowing it's malicious. If the virus were hidden in a song and could be executed just by being played, that would be news.

Oh, and look: it was discovered by a company that makes antivirus software. [kaspersky.com] Wow, what are the odds that an antivirus company would be the first to discover and publicize a virus that runs on what might be called the least-adopted platform ever in history? I'd bet my next paycheck that somewhere there's a connection between an employee of that company and the author of this "virus"--and not just a six-degrees kind of link, I mean a real, substantial link.

Antivirus exec: "Well, in six years, we haven't been able to convince anyone that OS X is insecure. Despite our efforts, there hasn't been a single in-the-wild, self-replicating virus for that platform. What should we try next?"
Underling: "Maybe try spreading FUD about iPods?"
Antivirus exec: "Brilliant!"

Re:

[b1ufox]

I always find it amusing when a virus that requires the user to activate it is considered news. By definition it's more social engineering then a vulnerability

Right.But most of the viruses(in reference to Windows), infected EXEs can harm your PC only if you execute them.Isn't this a kind of user involvement? Ironically if you don't run some XYZ untrusted EXE, you don't mess it up..simple. If you run it, thinking your AntiVirus will save you all the times, then sorry you are in soup.Not always you 'll be s

Re:

[mdozturk]

there are some emails going around that take you to a website with nude pictures of britney spears. Go to that website and just let your pc download the pictures on the site. Let me know how that goes. Remember don't double click on any exe files.

You also might want to read this site: http://www.microsoft.com/technet/security/advisory /935423.mspx [microsoft.com]

Re:

[jedidiah]

This counterargument depends entirely of the more-stupid-than-the-industry-norm security practices of Microsoft. If they weren't intent on creating entirely new forms of virus that were considered absurd notions in the past (like email viruses), something like this would not even be barely interesting.

Oh look, some weenie re-invented the link virus.

Big fat hair deal.

Re:

[Paulrothrock]

I always find it amusing when a virus that requires the user to activate it is considered news.

By that definition, rm -rf / would be considered a virus.

Re:

[Lavene]

By that definition, rm -rf / would be considered a virus.

Oh but it is! It's inherited by the 'stupidity' virus...

Re:

[brunascle]

agreed.

i dont even think we should use the word "virus" for something like that. after all, a real-life biological virus spreads itself and generally starts reaking havoc without the host having to do anything after contracting it.

this would be more like a "poisoning", like if you poured poison into someone's coffee.

Re:

[rucs_hack]

It's not a virus.

If it were capable of self propagating it would fit the usual meaning of computer virus. As it is it's only able to run with the help of a user, and they also have to copy it onto ipodlinux. Well, the same is true for all podzilla plugins.

Given that anyone likely to use ipodlinux is also likely to be savvy enough to think about what they are doing, this is a pretty pointless piece of code.

Perhaps 'malware plugin'?

Depends on antivirus company

[Ilgaz]

""Although antivirus companies will probably create a hype saying that iPods are prone to infections"

Well, (Eugene) Kaspersky says at viruslist.com blog (http://www.viruslist.com/en/weblog?weblogid=20818 7356):

"Overall, I don't think iViruses will cause serious problems in the future. The iPod world is very different from the PC and smartphone world. Users aren't constantly installing new software and downloading a wide range of files, so that cuts down on the possible infection vectors. And what's there to steal from an iPod? Multimedia files, and that's about all.

So - it was an interesting little puzzle, this proof of concept, but nothing more."

Re:Depends on antivirus company

[necro81]

There can be more information to steal on an iPod than just multimedia. iPods have, for quite a while, been able to store contacts, notes, and calendars, typical PIM stuff. There might be something of value in those. On the other hand, if one were to craft a virus for the new iPhone, there definitely could be some malicious value in that, because it stores more information, accesses email and the internet, and is continuously connected to the outside world. On the other hand, the iPhone is a totally different beast than the iPod (and Linux-on-iPod), and will undoubtedly be a much tougher nut to crack.

No so fast, this is a dynamic environment

[Bearhouse]

Don't speak, or quote, too soon. Coupla points. 1. Increasingly, people are using these devices to store more than just mp3s. Pictures & video may not be just stuff ripped off the net - wanna see your family pics, or intimate videos, get posted or otherwise abused? More sensitive still, many people store files, (including dictation) on these devices. My brother in law is a lawyer; I spent a *long* time explaining to him what was so potentially dangerous in what he did with new technology. 2. Remem

Re:

[Ilgaz]

That is exactly why I pasted that blog entry. Kaspersky never tried to spread FUD, they tried to inform the IT community about a nightmare scenario where all AV companies fail to detect a perfectly coded virus and its impact on the planet in a professional conference.

As a side note, Kaspersky _is_ the company who found that iPod virus and the blog entry by the BOSS of Kaspersky says it is NOT a danger right now.

Also head to http://www.phishtank.com/ [phishtank.com] , see the unbreakable, super secure Linux and BSD systems

Legality?

[Anonymous Coward]

What are the licensing terms associated with this virus? GPL? BSD?

Re:Legality?

[Ilgaz]

I bet RMS will go mad since it isn't called GNU-Podloso

Re:

[kimvette]

Oh come on, how was that flamebait? I think it's rather funny.

Re:

[MadMidnightBomber]

"This virus is trying to attach itself to other files on your hard disk. Before it can do this, you will need to agree to the terms of the GPL. Ok or Cancel?"

Re:Legality?

[Tony Hoyle]

..and does a GPL virus that attaches itself to something automatically GPL the thing that it's attached to?

Re:

[cp.tar]

Oh, great.

Now try explaining that the GPL isn't viral...

Sheesh.

Re: License

[MrManny]

Surely it must be creative commons non-commercial no-attribution no-worlddestruction sharealike license.

Non-story

[nevali]

This is possibly the biggest waste of a story Slashdot's had in a while.

Not only does it only 'infect' iPods running Linux, but it's not even able to replicate. To call it a virus is stretching the truth, to say the least; it's just a program that trashes your binaries.

Re:

[AxminsterLeuven]

How would it replicate? One iPod 'squirting' it at another iPod? That sounds more like a Zune-disease... Still, I keep my iPod in its woolly iSock, so it won't catch a cold.

Re:

[nevali]

Well, that's part of the point: the potential for an attack vector on something like an iPod is pretty minimal.

Re:Non-story

[Curmudgeonlyoldbloke]

It's an "honour system virus" - in the same way that sending a user a program that deletes all their files and telling them to run it is.

Re:Non-story

[timmyf2371]

But isn't this what viruses (virii?) were like back in the day, before the days of the internet and widespread connectivity? The first viruses were more interested in deleting files and executables and could only be spread by floppy disks.

Sure, compared to modern-day viruses, which have (d)evolved into almost worm-like behavious, emailing all and sundry in an address book and generally causing mayhem, it's just a tad boring, but I would say it could definitely be classed as a virus - in the same way a Lada could be classed as a car.

Re:

[nevali]

Yes, this is certainly true. I recall colleges getting widespread infections of viruses thanks to students running infected programs from floppies, which then remained in memory and infected any programs on any disks that were later inserted until the machine was rebooted (or until it was cleaned, if it had a hard disk).

The thing is, though, that's not how software gets distributed any more: the way things work in the iPodLinux world means that it's a lot harder for you to get infected in the first place, a

Re:

[eli pabst]

Not only does it only 'infect' iPods running Linux, but it's not even able to replicate. To call it a virus is stretching the truth, to say the least; it's just a program that trashes your binaries.

By definition that's what a virus is. The fact that it appends copies of itself to elf files *is* replication. If it had the ability to self propagate then it would be a worm. Viruses are by definition file infectors.

The only reason it's news is because this virus infects ipods. Anytime you have a new vi

Thank Goodness

[Spackler]

"You are infected with Oslo the first iPodLinux Virus."

I would like to thank the developers of this virus. For too long, I have been enjoying hacking my iPod. It is good that someone is out there attempting to stop that by ruining my property.

Really, now on to the real discussion. Can someone explain the motivation? I actually do not understand why someone would waste their time to write a virus. The only type I do understand is the bot net stuff, and that is motivated by money. Heck, if I can take over 5000 computers and sell the work they can do in mass spam or something, at least the writer is attempting to make money. Why write something like this though? If they spent the same time writing real code, they would make money. If they did it for a different organization, they could help the Red Cross with their IT stuff, or a hospital. Why the fsck do this crap?

Malcontent? Antisocial? What the heck drives these people?

Re:

[operato]

for the fun of it and because they can. that's what happens when you give people choice. surely the matrix taught you that.

Re:Thank Goodness

[J0nne]

It's for the same reason people install Linux on their iPods in the first place: because they can.

Re:Thank Goodness

[someone1234]

Creating pseudo-life? Hell, 20 years ago i was very happy when my exe header virus first infected one of my files :) It was definitely more satisfying than hacking away on some j2ee shit.

Re:

[funaho]

You were using J2EE in 1987?

Re:

[someone1234]

Unlikely. I'm forced to do now, though. But you should be intelligent enough to figure out what happened in the past and what happens in the present.

Re:

[funaho]

It was a joke. Sheesh. I'm not an idiot you know.

Re:

[someone1234]

Yup, and it was friday in the j2ee pit :)

Re:

[jZnat]

J2EE existed in 1987? Hmm...

Re:

[jedidiah]

I'm sorry. You have failed the Turing Test.

Please turn yourself into the nearest Blade Runner.

Re:

[CDarklock]

I used to run a moderately sized VX (virus exchange) board. There are three main reasons people write viruses.

1. Because they're fascinating. It was interesting to see what kind of things you could make a virus do. For people like this - which included me - the game was to write a virus that more effectively reproduced, evolved, and evaded detection in a smaller space. You can spot viruses written for this reason because THERE IS NO PAYLOAD. It doesn't break anything. It's an academic exercise. We DON'T CAR

Re:

[j00r0m4nc3r]

Can someone explain the motivation?

I'm guessing there are a couple of 12-year-old Norweigan kids who are jerking each other off right about now, from seeing their dipshit virus make Slashdot.

Next gen Virus

[ValiSystem]

Hey, i made a multi platform virus that can infect almost any existing computer. And it's easy to spread : just compile following code : #include "stdio.h" int main (void) { printf("YOU ARE INFECTED BY ULTRAdOOM NExT gen, F3AR THE L0RD !!\n"); exit 0; } Launch and here you are ! (yes, i know, i should have posted that on my blog and write a story for Slashdot)

Re:

[harry666t]

No, no, no! Wrong! That should go

#include
using namespace std;
int main (int argc, char* argv[]) {
    cout "YOU ARE INFECTED BY ULTRAdOOM NExT gen, F3AR THE L0RD !!" endl;
    exit 0;
}

In what times do ya live? C++ was yesterday, C is almost ancient! How can you call this fossil "next-gen"!?

Re:

[cculianu]

Um, most software is written in C++. And a lot of other code out there is in C. The Linux kernel being one of them.

No, C is not ancient, and C++ is very much alive. In fact, it might be one of the most popular languages on the planet.

Re:

[Old Wolf]

in C++ there is/are:
- no memory management. forgot to delete? oops, memory leak.

Rubbish, C++ has automatic memory management.
It also supports manual menory management in case you want to do that. Now, you chose that you don't want your allocation to be automatically managed. Then you did not delete it. What are you complaining about again?

- no array slices.
- no hashes (aka dictionaries).

Rubbish

- no array bound checks - easy to step over other vars

C

Re:

[Old Wolf]

foo* baz[8096];
for (int i = 0;i LT 1024;i++)
baz[i] = new foo();

It ate all my ram and half of swap space. I wouldn't call that "automatically managed memory".

You are using the syntax for manual memory management. After #including <vector>, change the above to:
vector<foo> baz(1024);

If you really want that many separate allocations, include <memory> and write:
auto_ptr<foo

Re:

[plasmoidia]

Hey, i made a multi platform virus that can infect almost any existing computer. And it's easy to spread : just compile following code :

#include "stdio.h"
int main (void) {
printf("YOU ARE INFECTED BY ULTRAdOOM NExT gen, F3AR THE L0RD !!\n");
exit 0;
}

Launch and here you are ! (yes, i know, i should have posted that on my blog and write a story for Slashdot)

Hmmm, I don't think it will spread too easily by the means you mention. That code won't compile ;-).

Re:

[Tony Hoyle]

It will on a lot of compilers... checking argc,argv for main is a later addition. It's wrong, but it'll often compile.

There are still books out there that write main(void) and main() - only crappy ones though.

A bigger problem is the #include, which will look in the current directory rather than the system directory. Should be using %ltstdio.h%gt not "stdio.h"

Oh and exit should be return, but I guess that's just a typo.

(the c++ version used that spawn of the devil statement 'using namespace std;'.. ffs don

This is going to spread like wildfire

[DrXym]

Amongst the 8 people running Linux on their iPods.

Why

[dw604]

User runs program that is installed... how is this news at all?

Parts needed...

[FinchWorld]

iPod - £90 to £250

iPod Linux - Free

Knowledge and desire to install linux on your MP3 Player - Your social life

Having been smart enough to install Linux on your iPod then go out of your way to install a virus - Priceless

For everything else theres run of the mill idiots.

Question

[Rogerborg]

What is the intersection between people who're smart enough to have installed Linux on their iPods, and people stupid enough to run a random executable?

Would anyone in that set like to make themselves known? Anyone? Don't be shy; anyone at all?

Didn't think so.

Re:

[loconet]

Here is a picture of him: Ø

What exactly is the point of this article?

[Anonymous Coward]

"A Proof-of-Concept Virus for iPods Running Linux"

a) It's not a virus.*
b) It's not iPod-specific, it could run on other Linuces as well.
c) The method isn't Linux-specific, would work on almost any OS.
So what we have here is, a proof of what concept exactly?

* Granted, that on all currently popular OS's any executable you launch can touch all the files you yourself can, is in itself a big WTF. But we know that, so we don't launch untrusted executables.

Re:

[nevali]

It might be a big WTF, but what's the alternative? Effectively put everything in its own sandbox? The problem is that your files are created and accessed by the very same programs you want to restrict access: without that access, both the programs and the files are useless. If you get into the explicit-permission game, you end up with something like UAC or Java's sandboxing permissions--neither of which have exactly set the world on fire. Essentially it boils down to this: what good's a text editor that can

Once launched ...

[krkhan]

Here's a much simpler virus which wrecks havoc 'once launched':

echo "You're being infected with the Idiotisco, the second most stupid Linux virus"
rm -rf ~

The Idiotisco virus is a 'proof of concept' that any moron running Linux can set executable bit on a file and run it to damage his system.

Disclaimer: The source code of Idiotisco virus is disclosed only for educational purposes. I will not be held responsible if it makes your system bleed or gets you fired from your job.

It's not .elf it's *ELF*

[cculianu]

The file format is called ELF, the executable and linking format. Not .elf. It isn't a file extension. This isn't windows. Bah.

Re:

[MostAwesomeDude]

As someone who has contributed more than a few patches to iPodLinux, you may be interested in knowing that using Cygwin to generate the userland (used to) create binaries with a .elf extension. The extension isn't needed; it's just the way that the Cygwin toolchain ended up naming them.

Jeez...

[Kawahee]

I hope somebody didn't spend time making this...

I know who did it!

[Rob T Firefly]

It infects elf files? This is obviously the work of dwarves.

From the J.R.R. Tolkien department ...

[ScrewMaster]

Once launched, the virus scans the device's hard disk and infects all executable .elf format files.

As an Orc myself, I'd have to say that all Elves are considered executable.

Re:

[funaho]

Those freakin' elves...they came out of the trees man...they came out of the TREES.

With apologies to Family Guy because I no doubt have butchered the quote a bit. It's still early here. :)

Re:

[Anonymous Coward]

Mod parent Troll?

Re:

[ScrewMaster]

I must need more coffee. I was about to be irritated by your comment ... then I had to laugh.

+2 Funny.

Re:

[ScrewMaster]

I think he did ... "Giant laugh", get it?

But does it run WoW?

[SL Baur]

As an Orc myself, I'd have to say that all Elves are considered executable.

Night Elf, or Blood Elf?

i know a virus even more powerfull that this one

[seyon]

i know a virus even more powerfull that this one, that infect all Linux Distributions, it's called shred, just try to type shred /* and wait for the result :X

As you have to manually install Linux . . .

[bradavon]

As you have to manually install Linux in the first place I can't see this effecting many people.

Just a note ...

[kramulous]

to the clever bastard who wrote this virus and is probably reading about it here. Nice job.

Morris Worm

[cow ninja]

Wasn't the Morris Worm a proof of concept? I am not saying that this virus will have the same results just that sometimes it is a good idea to remember the past.

http://en.wikipedia.org/wiki/Morris_Worm [wikipedia.org]

I created a Virus Once...

[sycodon]

If you clicked on the exe, it put up a message that said "Hello World"

Superuser

[leandrod]

Does iPod GNU/Linux induces the user to run as superuser?

Funding

[ktappe]

Any chance this project was funded by Symantec or any of the other companies that will now market an iPod version of their security products?

Meh.

[ettlz]

So what? There are viruses out there for the HP 48. Make something flexible enough, and someone will distort it.

OMG!

[catdevnull]

Now *THAT* should propagate like mad in the wild....

(sarcastic mode: off)

So misleading

[illegalcortex]

Are iPods running Linux really "iPods" anymore? Might as well say there's this cursor virus that infects Macs booted into Windows.

A more accurate title would be "virus that affects some versions of Linux."

A Warning?

[WindBourne]

Hmmm. I wonder who would take the time to write it? I would not be surprised to see that it came from Apple as a way of telling others to not chance loading Linux on it. Or would it be by MS to discourage any Linux devices.

PodLinux?

[nsayer]

So how many devices are vulnerable to this? About 12 or so?

Linux is not vulnerable when configured properly!!

[MrJerryNormandinSir]

Gee.. more fud.
If you install Unix you should configure proper security, don't just run it out of the box!
I flashed my Ipod so I can play ogg format files. It's been running Liunux for three years.
No problem man!

Fud Fud Fud Fud Fu$%ing Fud

*yawn* not much of a virus

[bl8n8r]

can't replicate, can't launch automatically and "user has to save the virus to the iPod memory for the device to become infected" Why not just format the ipod and save yourself a lot of dicking around?

Wake me up when you get root, lamer.

This is really serious

[NatteringNabob]

I heard that the virus had already infected BOTH IPods that are running Linux.

to move my stored comments down, some crap...

[rucs_hack]

gjk hjk jk

Re:

[Doctor Crumb]

You seem to be confused about how peripherals work. When you plug an ipod into a PC, it can no more run software ON THE PC than your mouse can, as you would otherwise have to hack the USB protocol to embed arbitrary system commands in data packets. To make anything ipod-related use a network, you would be *much* better off writing a virus for itunes, which actually runs on the computer with the network connection.