Duts Shows: Viruses For Windows Mobile a Reality
Kaspersky Labs announces the detection of the first virus for Microsoft’s mobile operating system
Kaspersky Labs, a leading information security software developer, has detected Duts, the first virus for Windows Mobile. This is one of the most popular platforms for mobile devices such as PDAs and smartphones.
“Duts is a proof-of-concept malicious program; it demonstrates that Windows Mobile is vulnerable to infection. Our tests show that the virus can effectively propagate in such an environment,” said Eugene Kaspersky, Head of Anti-Virus Research at Kaspersky Labs. “However, we don’t expect a major outbreak – Duts is unable to spread independently, only infects a limited number of files, and signals its presence in the system when attempting to propagate.”
Duts was created by Ratter, the pseudonym of a virus-writer who is an active member of the international group called “29A”. The group is well known for its proof-of-concept viruses, including the recent Cabir, the first worm for Symbian OS.
Duts is a classic parasitic virus and is 1520 bytes in size. It can penetrate mobile devices via e-mail or the Internet, through removable memory, via synchronization with a PC or using Bluetooth technology.
Once the infected file is launched, the following dialogue box will be displayed:
Dear User, am I allowed to spread?
If the user clicks yes, Duts penetrates all executable files larger than 4KB located in My Device (the root directory). When infecting, the virus writes itself to the end of the file and modifies the entry point. An empty header field will then be flagged with the text ‘atar’ to prevent re-infection of already infected files. Duts does not appear to have any destructive payload.
“The events of the past month are really disturbing. The computer underground has pounced on the new opportunities offered by mobile devices. And now malicious programs are evolving in yet another direction, bringing the first global outbreak caused by a mobile virus closer and closer.” added Eugene Kaspersky.
Kaspersky Labs anti-virus databases already contain detection and removal routines for Duts. A version of Kaspersky Anti-Virus for Windows Mobile can be downloaded from Kaspersky Labs Web site at http://www.kaspersky.com/homeuser?chapter=4157432.