0

Leading security vendor Kaspersky Lab has uncovered the first ever proof of concept virus designed with the sole intention of infecting the iPod media player. Like all proof of concept viruses though, Podloso poses no real world threat to users. For a start it requires a Linux installation, not on your PC but on the iPod itself which rather limits the number of devices likely to be capable of infection. Even if this requirement is fulfilled, the virus still requires user involvement to be launched from the program demo folder. Finally, if the user does execute the Podloso file it will then scan the iPod hard drive and infect all ELF (executable and linking) files which it finds.

And the payload? Well, an infected executable will fail to run and instead launch a message display box which says “You are infected with Oslo the first iPodLinux Virus.”

So if it is relatively difficult to become infected in the first place, requires more than a little user interaction, and has a relatively harmless payload is Podloso a cause for concern? Now that is not such a straightforward question to answer. Although there is an argument to say that this is just the beginning of the iPod virus invasion, and the lack of a malicious payload this time does not mean the next one will be harmless, I am inclined to think otherwise. After all, there is no mechanism for the virus to spread because it has to be saved into iPod memory in order to infect the device, it cannot jump from one player to another and cannot be distributed piggy-backed to an audio download for example. All it does is provide those who would knock Apple, and writers about security such as myself, with something to talk about.

The biggest security threat posed by the iPod and its users, however, remains that of bringing a pocketable hard drive into an otherwise secure location and using it to remove copies of confidential data from the PCs there. Indeed, some might well also argue that the infection of some video iPods sold after September 12th last year with a virus targeting Windows computers was a bigger problem than this, because that at least was a real virus causing real problems to the connected PC.

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

3
Contributors
2
Replies
3
Views
11 Years
Discussion Span
Last Post by John A
0

I'm not at all impressed by the designers. Although I don't know the details of iPodLinux, the fact is that it's just a special version of Linux for iPods. And since we already know of viruses that exist for Linux, it's no surprise that they were able to write a virus that functions on iPodLinux.

Like TheNNS already said, a better feat would have been for the designers to actually design a virus for the iPod OS. Now that would make headlines everywhere.

Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.