Handheld Viruses Pack a Big Punch
By Mark Frauenfelder, Mon Jun 04 00:00:00 GMT 2001

Viruses got a huge boost when desktop computers began networking. Your handheld is next.


August 28, 2000 was a bad day for Palm users who thought they were downloading a program to let them play games for free. "Crack1.1," a file that was being traded that day in online chat rooms, was purportedly designed unlock the shareware limitations of a Nintendo GameBoy emulator program called Liberty.

But "Crack1.1" was really a malicious Trojan horse program. When users tapped on the icon it proceeded to delete all the applications it found on their Palm, and kept going until the device crashed. After the infection, users had to re-install the programs and hotsync their Palm to their PC to restore the applications. Woe to those who hadn't backed up their Palm's memory - their programs were gone for good.

The Liberty Trojan horse was quickly traced to a Swedish software writer who claimed to have accidentally released it on the Net. Fortunately, the program did not delete critical user data such as addresses and appointments. But "Crack1.1" was a harbinger of more malignant programs to come.

A month later, the very first genuine virus for Palms, "Palm.Phage.Dropper," appeared. Unlike a Trojan horse (which is unable to make a copy of itself) viruses can replicate over and over again. The "Palm.Phage.Dropper" virus used this capability to delete both application programs and user data from Palm computers.

An epidemic emerges


Since then, additional malicious programs have entered the handheld arena, and as mobile devices become more popular, the situation is only going to get worse. With mass market adoption, the risks of virus outbreaks for mobile devices is a certainty, says Laura Garcia-Manrique, a senior product manager at Symantec, a software developer that supports the world's largest anti-virus research center.

Garcia-Manrique cites several factors pointing to an imminent plague of worms, viruses, and Trojan horses. Foremost is the fact that PDAs are becoming increasingly Internet ready, and therefore more susceptible to infection. Industry analysts predict that mobile Internet users will grow by 600 million in the next two years, and that m-commerce will jump from $240 million in 2000 to $120 billion by the year 2008.

"The adoption of wireless Internet connections will make it incredibly easy for viruses to spread from handheld to handheld," says Garcia-Manrique. "When that happens, we expect to see an explosion in virus activity very similar to what we have seen in the PC world."

Handhelds are also targets for darkside hackers because they represent unconquered territory. The first person to create a malignant Palm program on the level of the Melissa worm (which infected PCs around the world and caused millions of dollars of damage) will bask in notoriety. "Virus writers are looking for fame," says Garcia-Manrique.

From the desktop to the palmtop


Like PC viruses, Palm viruses carry very destructive payloads. With names like Phage and Vapor, they're programmed to do three things: destroy data, replicate, and spread to other systems. They infect handhelds in the same ways that normal programs and information is transmitted to a device.

There are three major routes. You might unknowingly download a file from the Web or an email attachment and copy it to your Palm by Hotsyncing it. Or you might infect your device when someone beams a file to you. "Our research shows that users are very actively using the beaming capabilities at trade shows to share information or new games or applications with friends," says Garcia-Manrique.

And the third method of infection, mentioned above, is by use of a wireless connection to the Internet. "This is an emerging trend," says Garcia-Manrique. "By using things like the OmniSky modem or other types of wireless connections to the Internet, or by using a Palm VII [which has a built-in wireless modem], you could download a file directly to your Palm, infecting it with a virus."

Now that Palm computers are susceptible to viruses, other wireless devices will soon follow. Already, other devices that use the Palm operating system, including Kyocera's mobile phone, are prone to infection. And other mobile phones are next in line. "For virus writers there is always the challenge of writing the first virus for a platform," says Garcia-Manrique. "We expect that these trends and the appearance of new viruses will continue to happen."

Mobile phones aren't immune


So far, WAP-enabled devices are fairly safe from malicious software. WML (Wireless Markup Language) and WMLScript (Wireless Markup Language Script) are still too simple for viruses to start cropping up inside. But as they gain new features and additional services, it's a sure thing they'll start to get infected with damage-causing software.

Even now, it's possible for someone to send a Trojan horse program to your phone that could overload its memory, causing it to freeze up and require the user to reset his or her phone. So far, however, no one has reported finding such a program.

A wireless worm could be especially troublesome for mobile phone users. For example, if you use your mobile phone to look at some content on the Web, the script on the page might send SMS messages to everyone in your in-phone address book. And the people who get the message will then be directed to the same worm-site, which will result in all of their contacts getting the same SMS message. In short time, the worm could affect thousands or millions of mobile phones.

An even more insidious Trojan horse could be programmed to copy your mobile phone's address book to a secret website, where the information could be used by the data thieves for all kinds of nasty business.

Help is on the way


How can you protect yourself from handheld viruses? Having anti-virus scanning software on your PC (the one you use to download data and applications to you handheld) is the first line of defense, but you shouldn't stop there. Because handhelds can contract viruses via beaming or the wireless Internet, you should also run an anti-virus solution on your handheld device, which will scan its memory for malicious programs.

In April, Symantec began shipping AntiVirus 2001 for the Palm OS, and McAffee sells a similar product called VirusScan Wireless, which also scans devices with the Pocket PC, Windows CE, and Symbian EPOC operating systems.

And you can bet other anti-virus companies will be following suit.

Mark Frauenfelder is a writer and illustrator from Los Angeles.