BitDefender (a Romanian antivirus company) has discovered the first virus that affects millions of users of Pocket PCs, smartphones, and other Internet appliances.
Called WinCE4.Dust, "it infects pocket pc's PE files (ARM) in root (My Device) directory", as the virus author himself noted in a message addressed, probably, to most antivirus laboratories. The virus author, who goes by the nickname Ratter, is part of the famous 29A VX group and created this virus "not meant to spread", just as "a proof of concept code".
In order to run, the virus needs a compatible mobile device running the Microsoft Windows CE operating system. The virus displays a message box asking for the user's permission to spread to other files.
Since Microsoft does not offer hotfixes for Pocket PC and only offers Service Packs through OEM channels, how will this affect end users in the coming months/years?
News source: In-House
We are pleased to announce the release of Windows Installer v3.0 (MSI3.0) RC2. This is the final beta release for MSI3.0.
Note: The redist package will not install on WinXP/SP2. WinXP/SP2 has native support for MSI3.0.
Download:
The RC2 release is available at http://beta.microsoft.com
Bug Reporting/Feedback:
Use the Bug Reporting tool on http://beta.microsoft.com
Newsgroups:
You will need a newsreader program such as Outlook Express to participate in the newsgroups. To access the newsgroups you will need to configure your newsreader program with the account information listed below. If you do not already have a password, you can create a newsgroup password on
All newsgroups for this beta program begin with: microsoft.beta.WindowsInstaller
Newsgroup Account Name:
Newsgroup Password:
*Note: If you forget the newsgroup password you create on Microsoft Beta, you will need to go to Microsoft Beta to create a new one.
If you need assistance, please send e-mail to msibeta@microsoft.com alias.
Thank you for participating in this beta program. We look forward to your valuable feedback.
Windows Installer Group

2) It has actually been called DUTS officially. Virus writers don't get to choose the name.
Have you seen the screenshot then? Guess not! It displays the name of the virus and the author in the message box title.
The official name for the POC code is DUTS.
Since Microsoft do not offer hotfixes for Pocket PC and only offer Service Packs through OEM channels, how will this affect end users in the next coming months/years?
There's no information on how you can get this virus. If you have to download it and install it, WHAT'S THE BIG DEAL? What the hell could Microsoft release a hotfix for? You don't release a patch for every virus that comes out, you release patches for vulnerabilities that exist in the OS. If this article went into a little more description it MIGHT warrant a news posting. Otherwise it's just a program with some malicious code.
My question is: how does one get this virus? Can it infect my PC and then wait to be actively-synced to my pocketpc? Does it come from just installing software from the virus? Can there be a worm or something, for when my pocket pc is connected to the internet via bluetooth or something?
They're going to have to do something now, they can't let this virus spread on and on...
It's like blaster worm....
If you reformat and go on the internet, you'll most probably get blaster worm...
It's like a virus that never goes away, and will always be there...
But at least this way, they can stop it by updating...
What I'd like to know is whether it is suitably written to infect any ARM generation device or if its API calls are specifically for CE 4.
Anyone tried it on PPC2002 / PPC2000 / HPC2000 / HPC Pro?
but with regards to this bit ....."Since Microsoft do not offer hotfixes for Pocket PC and only offer Service Packs through OEM channels, how will this affect end users in the next coming months/years?" ..
... I don't think we, as users, can be that reliant on OEM channels for fixes OR updates for PDAs and the like, especially in the wake of HP & now Dell now apparently refusing to update some of their still current PDA models to wm2003SE (after promises to the contrary) .....
This is the first PPC specific virus, check out NAI, F-Secure etc.'s sites. They all confirm this.
PocketPC isn't the only class of windows ce device out there.
The Handheld PC is the oldest class: http://www.hpcfactor.com/newsgroup/
I think that it is probably the first ce 4 virus too.