Bug Targeting Hand-Held Devices Was Short-Lived
SAN FRANCISCO — It might be a dubious distinction, but the Palm hand-held computer has finally become popular enough to be targeted by a malicious software program.
Experts warned consumers Tuesday about the first such software assault--a program that masquerades as a video game, but once played begins to delete other software programs on the wildly popular Palm or Handspring Visor devices.
However, the threat was short-lived and few users were affected by the destructive software, which unlike a computer virus does not reproduce.
Apparently as news spread of the bogus software, it was removed from the Web by those who had posted it.
“It’s not in circulation, and no one in the world is experiencing trouble with this anywhere,” said David Perry, public education director of Trend Micro, an anti-virus software maker in Cupertino, Calif.
The bogus program has been dubbed “Palm_Liberty.A” or “Liberty Crack.” It was named after Liberty, a popular Palm program, made by Gambit Studios, that lets users download and then play games made for the Nintendo GameBoy hand-held computer.
But the malicious virus software was briefly available through Internet Relay Chat--a popular Internet communications network--and on a number of Web sites that supply game software. Once transferred from a desktop computer to a Palm or Visor and run, it deletes supplementary programs on the user’s device, such as Web browsers, maps, wine-tasting evaluation software and such. But the virus left address book, calendar and other basic programs intact.
However, anti-virus experts believe that the episode is likely to be repeated as Palm-like devices increase their popularity--following a pattern seen with PCs more than a decade ago.
“This is more important as a proof of concept--of what can be done with Trojan horses and viruses on these [hand-held] machines,” said Vincent Weafer, director of Cupertino-based Symantec’s Corp.’s anti-virus research team. Until now, destructive attacks on hand-held computers were known to be possible but had been demonstrated only in labs, Weafer added. This is the first case of a harmful piece of software “in the wild.”
Several anti-virus companies offer software that detects and removes the program from a PC; users then plug in their hand-held computer with the PC to wipe out malicious software from the hand-held device. But according to Perry, no one is distributing the harmful software any longer.
The incident, however, is one in a series that suggests the problems of PC software attacks will move to the wireless world. In recent weeks, software vandals caused Japanese mobile phones to spontaneously dial emergency numbers; in another case, the text-messaging network for cell phones in Germany was flooded with bogus messages.
The Palm case might ironically have been an accident.
“The whole purpose of my research was to investigate anti-cracking, and assist developers [to] stop cracking,” said Aaron Ardiri, a Swedish software developer who also teaches at the University of Gavle in Sweden.
Ardiri said he created Liberty Crack to sweep off unwanted programs--such as those that might be planted by actual crackers--without harming a user’s data, and he gave an early version to several of his friends.
Ardiri said he decided not to release it because it might cause harm, but he said a friend posted it on an Internet Relay Chat channel without his knowledge.
*
The Associated Press was used in compiling this report.