A sad song: Kaspersky discovers iPod proof-of-concept virus

Powered by SC Magazine
 

Music lovers might want to cover their ears for this one: Kaspersky Lab announced today that it has discovered the first virus affecting iPod.

While the proof-of-concept discovery carries no payload and cannot spread – thus posing no real threat – researchers said the virus is proof that specific platforms, such as the ubiquitous digital music player, can be infected with malware.

For the virus – dubbed Podloso – to exist, users must have installed Linux on their iPod to replace the native operating system, according to a Kaspersky alert.

iPod Linux is an open-source platform and software distribution that has been adapted to run on the music device. It features an operating system kernel and a fully functioning file system.

If the file containing the virus is installed and launched, it scans the iPod’s hard drive and infects all ELF [executable and linking] format files. An attempt to open one of these files reveals a screen message stating: "You are infected with Oslo the first iPodLinux Virus."

Up until now, an enterprise’s main concern was that users may employ iPods’ vast memory capabilities to store confidential company information. But with this new discovery, companies must also consider how devices such as this can impact the network, researchers said.

"You really just need to think about the fact that all of these little things we carry around in our pocket, if they don’t already, are going to have the power to propagate malicious code," Dee Liebenstein, director of product management at SecureWave, told SCMagazine.com.

She said administrators must monitor what devices are connecting to their corporate environment and define appropriate policies.

Shane Coursen, senior technical consultant at Kaspersky Lab, told SCMagazine.com that this type of attack likely won’t occur in the wild for some time to come because end users largely use iPods to transport and store music and video files, not confidential data.

"If there’s no financial gain to be made, it’s just something of interest to a malicious person, and that’s about it," he said.

Meanwhile, Kaspersky reported late Wednesday that its anti-virus and internet security suite solutions contain a number of vulnerabilities that could be exploited to create a DoS condition or to execute arbitrary code, without requiring any user interaction.

The three flaws affecting Kaspersky Anti-Virus are fixed in version 6.0, while the five bugs targeting Kaspersky Internet Security are resolved in the maintenance pack 2.0 build 6.0.2.614.

In an advisory today, vulnerability tracking firm Secunia rated the flaws "highly critical" and suggested users upgrade to the latest versions.

A sad song: Kaspersky discovers iPod proof-of-concept virus
 
 
 
Top Stories
Photos: iTnews Benchmark Awards countdown begins
Just a few days left until entries close for 2014.
 
Australian Govt to rethink cyber security strategy
Six-year old policy to be refreshed.
 
The failure of the antivirus industry
[Blog post] Insights from AVAR 2014.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  38%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  5%
TOTAL VOTES: 1063

Vote