Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


First Windows CE Virus Surfaces



 By: Larry Seltzer
2004-07-17
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
The "proof-of-concept" WinCE4.Dust Virus works only on ARM hardware and performs simple file infection.

The first known virus for the Windows CE operating system has been developed and sent to anti-virus companies.

The virus, known as WinCE4.Dust, does no direct damage to the system. When its executed, according to descriptions from several anti-virus companies, it asks, "Dear User, am I allowed to spread?" Symantec notes that if the user responds affirmatively, "it will attempt to append itself to all non-infected EXE files in the directory which it is currently running." F-Secures analysis of the virus indicates that it only infects files larger than 4,096 bytes.

A variety of spellings of the virus name are being used, including "Dust," "Duts" and "Dtus." A screen shot of a file dump of a portion of the virus in F-Secures analysis shows the quote "This code arose from the dust of Permutation City" embedded in the virus.

The analysis declares this to be the origin of the virus name, but then goes on to call it both Duts and Dtus. The virus also contains this string: "This is proof of concept code. Also, i wanted to make avers happy. The situation when Pocket PC antiviruses detect only EICAR file had to end ..."

Resource Library:

The first report of the virus came from BitDefender, whose Lab Director Viorel Canja said: "This is a common excuse for virus writers, to pretend that they create viruses in order to make avers [anti-virus producers] happy. Making viruses doesnt make anyones life happier, as its making it harder and harder to live for the ordinary user."

For insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzers Weblog.

Similar proofs of concept for new platforms have emerged in the past, but they were not necessarily followed by actual attacks. Just last month a conceptual virus for cell phones running the Symbian operating system was developed.

Check out eWEEK.coms Security Center at http://security.eweek.com for the latest security news, reviews and analysis.

Be sure to add our eWEEK.com developer and Web services news feed to your RSS newsreader or My Yahoo page



  Reader Comments: First Windows CE Virus Surfaces
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Larry Seltzer
 


x}r6*(w=(RH)ْڱ,n!1ErIʶ8NݗxKd{293mFwhwpI"քtl}nRr8GG.7wH$~pw|mOk%[ mWn-ː5MF)|w4]5ӘẌZ>u3uz,wx u UGPL15ΘMj1&ԓmNae0c-ZNq:)6j9U7/LZP8&9D.sL~rDug~B&ǶKAL|iİ Q1)XVP~DsN0/Pb7R7<dhڣ;ikY{Ae /L1r&ddv ;Ct*L2DƖIAKd ˍLJA`:M="G@ݑm.tNTZ"R k3ÄhG,ɣ1lg Q1H όL|2E%$7 Vqc0O~bTIFXEEnOuXVtjk-]&&8a#*] yS G_v5߰-2u鸖˲gu{#4FwYȼ;QbVr|P gQ!`X54p(Ȟ|7n?һ̕U媝U:C| Mͺ7жG^ԼZny\u?./-oF6o|'k;oL'0Q&**R>23NhjAC',{/BrMWJa߸pKPͫ9D]*'80q " J3~̢(*2iuoUus}Huvqzn#|c9̠˪ PBfP E+5Qo=o>_sܶ9ސfSCVl]BgC`BeIuZ!_=z??LrO]jllR)V%%32YuL}(u}F2,do];YB3eu!糶;7#RxXɬV5g oC'3NE ;, tjevxښF(jjRMǿ#G/|Q_#X\p3Z&o *Kj. r5&@Ss~$U m}b.L2w2| Gm\—/(嗋uu; .rqf){΀Oӣ BDԑ?CzC1"pHf.r;G_5t.΃As9Q^ +\M]臘r8]ۚ[ǛVW.>uZ^} 8%g 5F0 ,ieݴ$!8V9MG\F"EY`N~ @8ʍ/;ՙm!SK2A S:ksjܟ <0F;mFݟsgT7P@} ImЦ>R0|m45@ Ln` f8=4fu}׹ }Wԃ1S˨U0-uv=h&6llxXd$4)s.y;L ˂i-JCˋ0P&# 2/?k6a|(ڶOFܣm t@=39ڽf0c@\GGZo;r-E1C7Eإs-.B$(ZȻ!Al~ [ķ Xtl+3~#y5"!bX["'1XuyB#ҞX|,΍Fb!ab -d[b d6f2KI Ihn2!G,D`v9J,L.Y ϴv6jԝeB!wRNhܛSbi]yO熩L`` HC"&cs~tl?KzyO fVsO)A\_xHaA=4l6)4sfX0a) 0Z|Ch 2i0U/Xc51 g{ rgtGnmb[0r> s2 y0vݡNQ6j̟4<3rG6 oj@>|zW.z: $r%vxUi!SL&Zeonmnc^ڜps\=P:Rse)%kb*q (> 4QO ō8|Њ'ѫ>Ug HIulʷX+nMRucB$ެ#v[Z @)*$&@H1V ,;7(kc:+_ihH*6@ڜ_-C %./W0ZT6pc=nP r^sjxSh#SV)9aUsf@&@@hr L9؄͆2Iz><:ulkSW{0TXܴ 3p1wp-H:5K.4MD87]/OAY)F4%ql3/;4/_1*Lly.?=f^0lG:R)æ13{hbin&{۞T'*/|.WC'Xm5DTxc D'A‘"=yjmA61|"*2VDD0vpl@;RtB ^v~JIږk0ezt4w}ڣ..ssQ*JW1R[OJW5PKR,r{}|s/;-ed Ռ8c}yuϷl40ZC39W[Jֿ0t.ɵ`s|\yj &?elEc2& z@jX~lt6<}0VsbYg>]'wI6S 06KGɃUNK){ "Ԧjg7 rZC~nR"r$dl5qVCYW7JNUKmS;_W, GQ:" A=!|`QtEa&Ni}I; P{E |¿B\kBZC cqm8@yd13F55f.)rW9o7k<#X쵿Y+CQT ^\ jN& ӁjFB-89*\FwsGnymK|n* n1}c%4w(.<0{L3{F=v PhnVUrbl2bjUm"{';"#^[h1]~J j9psRL H-FE4ldv'ksW͜iLK{V܀>*eάBo(QUMq'F.ҀVߍSc8DrLʪH얯82V6rT.ደ5?;s}w`.Ug0#7TP>:W)>^nVȍZV?bIG|@Uy`R}UrmUr Ok,ذMe?6W"h M#z; ixT %4eD3/l-9@Ȕ8T*j b[.Kc"CG0|R(UH7E?nZ&IEy)}xH3zidHR7 Z[ť{lpfij ^hk%V07d#)[`M1w¼5Ytx] ($-W0܉-`>` fw}nN .F_$ִBtc2_TJh)W4fuCluo)p5E_%'K+uR-$[7S+tYD{_q/ cvz \[1nl"#BR'28/=)sOHF/pM\iuz{LS+DN3pu*hhwlo)>Z|=`rش %SϛNأ F]>LgSsS cC eu$J\fj*# $_CTո F;ɫ؎C.6xZx>>sUEVf t-JZuwfܥGm|Ga`:.[@(NV\F%Uj@,h b[[|I{tHzYa_dbRQGsّko 1_k O} q2َE[xcLdae=7|50Zɰ5DΙ 2C%;e5w';SgSc7/HF#%{ox?a&F@|֐ ;a2*|b! <UOL•/&;qNL>9bogc {Oc蘲֟\T>:0) cUgij J93jՒհXD:אJ{zb`6i|9 \lmCz0o3mfg)VPQvOc<&=LB[6Im.lK?9%&%-@ >->+& F3'ipYoxM5XHɒ )p]E6BbzblW t2 3 xpxA|Q ]2 Q> uK$^1'rQ &lb28)jtdao͂{T5ڛ4Fr*?:M8ŁS;f:nv2?oֱ&ړ:1\9vZuZ7gwԾ;sYkVxgˎHMF:v{e#B3%kԢwWjBR/VROrN7L(%!Po*DŽ)̀W6X*4, qW Vܓ>Z&q*]o)b3` 򎉀E,*k,C{ Z5*0_[1o˱zmp\ER o[RE}:D '*)PQ-d=vKweq9) @1b) Py7 qK! h-C%\qWʿ8Clk!}J0pwLpO:b l1&$ăib0 x 'S_ER_TǷTJMzOMɨФ8Jv<5?ePHa ``*IPc wϻ`gXvQ$p<Zv}O;ktprmjtzRwx$vjwBǙcOBXD"AX"!k˰=2SE4UuW*b3:`~3KC'57Vc<(d#7wxciaB9=]0i/N)IwW4UzؑET>zk:%NQR$C `>^.#j?o}{ ^LxAxThBMߜߜߜߜ_Z;C#>ѭcƵk:7p1 X0o(,X~H2PW+:NnCs} Զq^Mm_nnQ`aں7t;v{xMh9_/u7u׾%aȅJnK-t);vX;,T$&l OXk%rCx#r[ب$=] <[v"`Trrc]8(+*n?m<-fB8IbbrMT#$H@mg~_Zя TiRWAxB2`;0nj뻢4rC^v#%1$Ⱥc(G}8Vƕ59x +ł~{Ejc _]cxcC5ˊ܎ K:.cA͸\sUeb;]C-5tIkb"]L1xy[>9BZ#+-áeec[ɥj,*hX#<ß-[j s>B:mbf֊XU0Zfz^5>.nz^Eښm` nI.ԛ #7:UbSfCS֭N]MEG8f%Vb cG/r/TB$}y h lMko坔IpʬCץ&:~kW>l!_ɗKDJT9q;;7}搯Z)(!ϣ njK\><`ҧ%EdCusk ŢZWJ [k.HC܋S i/'}cw`\l{^$(#t~5Q|a>Z(M@zSwW] +aj1$0~s_{i/*~I2;v6[B}zIgD\ bݛ9?/RmF ֽz@?Bewι\`{0Bh:Yqc[TrL9vDuvH)tA.4K @X(k@$⸡0,k ?R)&$&*bW"Ya6ىۓj p =ZIx-'Ǵ J;#5¿L\ E#c&>Sx_+@rDB(YIv'o.'.̡x-]s7돸/=ۓR7n!kl\9ҁp3q,㲭I}#( 7KV`wA>pw2|GZ|KB?{t?vـjEe~y:tdcك~^P_ = nM8 kjkEֹIr! -ĐZX̄D! ? Iuj}@~h/Uw[7= d"/9k 0Cߑ;ĭ A;s/f蘱> Cb_¼" 2,aSNFS1;7ra!]?gHbQC9 Znzj.[8 `8.gj5U%Nv+2&Bc85_oz=&jƄ[VaAJz>f2"nctsȜ1;m8wDNƈwK= ȧn1JK\-zH"V|8snj]J,5= c)B_&JUIt037 j1n Q&@ؐ47I8|ۢS6X`{4At:ypX<6sNWe~rjt6:[>esP!񚃠Z9;YG61\{,ȏG-ݜ(8Ja{Ph$bax=9Qa5lxpGCa^L'#}2eNMo R׺lI&5/+/6./S?@_ Hٜ~)]H捻#77VJmN?=}J/ڙE{sz)оvJ?ӾJIS襤ϛ/e |Ꝕ;IoIOgŸ(W)_}O)~HGJz;)пW){s"?WW)ׅwSM?]/r qP: M ^ =A6_ SZ:)O@O)۴toSMX'I)7RqS,Ӕb~/苴etB]W!=Er/0ӮwS:?S/z)^}NN&/n3>a( MU內f Ǩruv ^_A5Ru$X2mMc[PryE#BhtoD.~EY>s$&}:-Wvl+Jx._[nNJ>s\ȜHLFEc9}wAD2KAA0_u)ͥȘWVh#}v 5PΫh.\vظ(f㷌epI|{*ŏ` ƫ.sOk|>q2K~_<ȬMEfFkp%kŠz%cȏHҾι>^é3xwtBoRcvjyX bġ$] ]ͰZY-ϞLm85Ϙ9Su8% {HM ԳpNPدhظj隯rjhN4p37&= P#8T*jA)oT.K俓v GDDK3sw93mV-B`"( 2wޣ`2_ث.74]rmp<@5Gh P>]:1UK, Ҽ`dR͍ጽIۯH D`91K1@iA"ܶ1*z>d)a<׊so`xo JX6~&mʠaCa,sv[#\g|<4 gj /}d40rVAz4=z܇8~3,J+{Q Lsz)B΄[6пc]sKQ,f;v=sctǭ6e <6AT16?lC nU^M#˃a,yCm`b1SOCM^`˫.'"讨`w@\xFENc ɛvzwzIc h.55ɟ"Q} 7Ixh Cҷ'#U?:K? 44U|bk3SNPVPܶJĈ}ܟY7@P|%u;3.a<Tr#n06?Fóymm b5u?LВ/TB= tL5 v4X3!`rINd .nEg|e'vL/0Oqj}Rf=$ u1H-t{zF'_Q,]:/}'fsHl!m&dx.l{R)0v$}>=F+`ma;94Ǟ"R>|\#6i`_CFbЗ3m{k݅*9wid8XZtj?mƔѠc`Bt[A|$Xl!۾f,ӧ&u'}Mz9>vPր.цIdf{U/=׆3d 5yi5J(KXn_%rF#31=qy] YV8;T"?&z1JJ1@b ÏlPoԲ&+'^;~g=>L@*9}>;t,EfeS% %mΠ'bہ;ى{K֯9j;(H&l]| ae)-KqK3~HRM#l9"Eg 1ߠZ|BL;{k8m`'I>09f;i T:kDeP޹aiH@/{6c3F)f'^Fp)N}q=٢ u+Ŀoqml.;3C:{ul՝q^'dd䁜1ӛLOċc :|?v3f;ŝC:p8_@&s`Vݐ=ʷiI-CWsYs5H_f%\#d( +"K KMӬ6W¥"\UXJObX,/ diQh~0r*C<[_ڵlExt=] D~޴9ixӵyZ2 ]#+b )Cc}R>Ɣ+ ]'[ۦ3й?-b7/i{M %_X (;FbF]9Nh݂G [Xx; [+ Qz: xSa \bXEiv܌1FtD}khT!2+S7u O߷Sq޼"þ"ymhAų1}3' ȱ ya1 e;{yW=?9f xug0 'Ɣ ߰"= s׶iD_lgΙ"?DVKx!qwI\&x+;cdX$= E")s8(g z|<\MhmBpxЕŎgPx}td0"ЙV/|JϲH` 9Z*bJOkEIgR la,>r3 e@ͽŵ]Ac*0#/a_0g`yjSa2$Y/95O+1d-UAzMQKj9N"٫ۊƘ#iQgX:rYKB%ӥ,;uD^0ņ̎uJPQ&s)CKUj)M}j39m2k3kq>dcLXw -eRZ`l/Z?5d7%