A sad song: Kaspersky discovers iPod proof-of-concept virus

Powered by SC Magazine
 

Music lovers might want to cover their ears for this one: Kaspersky Lab announced today that it has discovered the first virus affecting iPod.

While the proof-of-concept discovery carries no payload and cannot spread – thus posing no real threat – researchers said the virus is proof that specific platforms, such as the ubiquitous digital music player, can be infected with malware.

For the virus – dubbed Podloso – to exist, users must have installed Linux on their iPod to replace the native operating system, according to a Kaspersky alert.

iPod Linux is an open-source platform and software distribution that has been adapted to run on the music device. It features an operating system kernel and a fully functioning file system.

If the file containing the virus is installed and launched, it scans the iPod’s hard drive and infects all ELF [executable and linking] format files. An attempt to open one of these files reveals a screen message stating: "You are infected with Oslo the first iPodLinux Virus."

Up until now, an enterprise’s main concern was that users may employ iPods’ vast memory capabilities to store confidential company information. But with this new discovery, companies must also consider how devices such as this can impact the network, researchers said.

"You really just need to think about the fact that all of these little things we carry around in our pocket, if they don’t already, are going to have the power to propagate malicious code," Dee Liebenstein, director of product management at SecureWave, told SCMagazine.com.

She said administrators must monitor what devices are connecting to their corporate environment and define appropriate policies.

Shane Coursen, senior technical consultant at Kaspersky Lab, told SCMagazine.com that this type of attack likely won’t occur in the wild for some time to come because end users largely use iPods to transport and store music and video files, not confidential data.

"If there’s no financial gain to be made, it’s just something of interest to a malicious person, and that’s about it," he said.

Meanwhile, Kaspersky reported late Wednesday that its anti-virus and internet security suite solutions contain a number of vulnerabilities that could be exploited to create a DoS condition or to execute arbitrary code, without requiring any user interaction.

The three flaws affecting Kaspersky Anti-Virus are fixed in version 6.0, while the five bugs targeting Kaspersky Internet Security are resolved in the maintenance pack 2.0 build 6.0.2.614.

In an advisory today, vulnerability tracking firm Secunia rated the flaws "highly critical" and suggested users upgrade to the latest versions.

A sad song: Kaspersky discovers iPod proof-of-concept virus
 
 
 
Top Stories
Slow progress in Turnbullistan
[Blog post] How has the NBN moved ahead since regime change?
 
Hacks and frauds can't dampen Bitcoin buzz
[Blog post] Enthusiasts meet in Melbourne.
 
Qantas checks in with cloud computing
Impressed with results of public cloud bake-off.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  24%
 
Application integration concerns
  2%
 
Security and compliance concerns
  31%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  24%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  4%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 560

Vote