While the proof-of-concept discovery carries no payload and cannot spread – thus posing no real threat – researchers said the virus is proof that specific platforms, such as the ubiquitous digital music player, can be infected with malware.
For the virus – dubbed Podloso – to exist, users must have installed Linux on their iPod to replace the native operating system, according to a Kaspersky alert.
iPod Linux is an open-source platform and software distribution that has been adapted to run on the music device. It features an operating system kernel and a fully functioning file system.
If the file containing the virus is installed and launched, it scans the iPod’s hard drive and infects all ELF [executable and linking] format files. An attempt to open one of these files reveals a screen message stating: "You are infected with Oslo the first iPodLinux Virus."
Up until now, an enterprise’s main concern was that users may employ iPods’ vast memory capabilities to store confidential company information. But with this new discovery, companies must also consider how devices such as this can impact the network, researchers said.
"You really just need to think about the fact that all of these little things we carry around in our pocket, if they don’t already, are going to have the power to propagate malicious code," Dee Liebenstein, director of product management at SecureWave, told SCMagazine.com.
She said administrators must monitor what devices are connecting to their corporate environment and define appropriate policies.
Shane Coursen, senior technical consultant at Kaspersky Lab, told SCMagazine.com that this type of attack likely won’t occur in the wild for some time to come because end users largely use iPods to transport and store music and video files, not confidential data.
"If there’s no financial gain to be made, it’s just something of interest to a malicious person, and that’s about it," he said.
Meanwhile, Kaspersky reported late Wednesday that its anti-virus and internet security suite solutions contain a number of vulnerabilities that could be exploited to create a DoS condition or to execute arbitrary code, without requiring any user interaction.
The three flaws affecting Kaspersky Anti-Virus are fixed in version 6.0, while the five bugs targeting Kaspersky Internet Security are resolved in the maintenance pack 2.0 build 184.108.40.2064.
In an advisory today, vulnerability tracking firm Secunia rated the flaws "highly critical" and suggested users upgrade to the latest versions.
A sad song: Kaspersky discovers iPod proof-of-concept virus
By Dan Kaplan on Apr 10, 2007 9:59AM