A sad song: Kaspersky discovers iPod proof-of-concept virus

Powered by SC Magazine
 

Music lovers might want to cover their ears for this one: Kaspersky Lab announced today that it has discovered the first virus affecting iPod.

While the proof-of-concept discovery carries no payload and cannot spread – thus posing no real threat – researchers said the virus is proof that specific platforms, such as the ubiquitous digital music player, can be infected with malware.

For the virus – dubbed Podloso – to exist, users must have installed Linux on their iPod to replace the native operating system, according to a Kaspersky alert.

iPod Linux is an open-source platform and software distribution that has been adapted to run on the music device. It features an operating system kernel and a fully functioning file system.

If the file containing the virus is installed and launched, it scans the iPod’s hard drive and infects all ELF [executable and linking] format files. An attempt to open one of these files reveals a screen message stating: "You are infected with Oslo the first iPodLinux Virus."

Up until now, an enterprise’s main concern was that users may employ iPods’ vast memory capabilities to store confidential company information. But with this new discovery, companies must also consider how devices such as this can impact the network, researchers said.

"You really just need to think about the fact that all of these little things we carry around in our pocket, if they don’t already, are going to have the power to propagate malicious code," Dee Liebenstein, director of product management at SecureWave, told SCMagazine.com.

She said administrators must monitor what devices are connecting to their corporate environment and define appropriate policies.

Shane Coursen, senior technical consultant at Kaspersky Lab, told SCMagazine.com that this type of attack likely won’t occur in the wild for some time to come because end users largely use iPods to transport and store music and video files, not confidential data.

"If there’s no financial gain to be made, it’s just something of interest to a malicious person, and that’s about it," he said.

Meanwhile, Kaspersky reported late Wednesday that its anti-virus and internet security suite solutions contain a number of vulnerabilities that could be exploited to create a DoS condition or to execute arbitrary code, without requiring any user interaction.

The three flaws affecting Kaspersky Anti-Virus are fixed in version 6.0, while the five bugs targeting Kaspersky Internet Security are resolved in the maintenance pack 2.0 build 6.0.2.614.

In an advisory today, vulnerability tracking firm Secunia rated the flaws "highly critical" and suggested users upgrade to the latest versions.

A sad song: Kaspersky discovers iPod proof-of-concept virus
 
 
 
Top Stories
Matching databases to Linux distros
Reviewed: OS-repository DBMSs, MariaDB vs MySQL.
 
Coalition's NBN cost-benefit study finds in favour of MTM
FTTP costs too much, would take too long.
 
Who'd have picked a BlackBerry for the Internet of Things?
[Blog] BlackBerry has a more secure future in the physical world.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  70%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  12%
 
Denial of service attacks
  6%
 
Insider threats
  10%
TOTAL VOTES: 707

Vote