
The Wireless Virus: It's Alive!

If Victor Frankenstein were alive today, would his creations live in my PDA and my cell phone, getting even with humanity by scheduling me for meetings that don't exist and making prank calls to my associates?

Little Monsters

Ever since computer software came into existence, people have tried to develop programs that display the characteristics of life. One of the most intriguing characteristics to imitate has been the ability to reproduce. Developers with a less-than-considerate approach measured their success by how many computer systems their creations spread to, how quickly they spread, and how much damage they caused. The more reports developers read about the damage they caused, the more successful they felt. Such was the origin of the computer virus.

At first, viruses spread by diskette when users shared data or installed application software. The spread accelerated when LANs appeared in business offices and users began to use bulletin board services (BBSs) to share ideas and programs. Finally, the Internet gave the authors of these malicious programs access to an unprecedented number of machines in offices and homes around the world.

Today, many of the devices users carry with them--including Palm devices, Pocket PCs, and wireless phones--run software and can connect to some kind of network. Are these platforms the next battleground for computer viruses?

Over the years, I have taken what I think are decent measures to protect my laptop from viruses. But now I own a Web-enabled cell phone that is essential to my work. I have depended on electronic organizers for the last 10 years, and I currently own a Palm V that I regularly use to connect to the Internet and synchronize with my laptop. Should I worry about viruses affecting these devices? Yes.

So what do I do? How do I protect my connected devices from a virus attack? To address these questions, I'll examine what viruses are, the kinds of devices that could be affected by a virus, which viruses have appeared on these devices to date, and finally, what you can do about them.

What Is a Virus?

Several types of programs can damage your computer systems--not all are viruses. These programs are generally referred to as malapps (malicious applications). There are basically three types of malapps: viruses, worms, and Trojan horses.

A virus is a program that, when introduced into a host computer, replaces or attaches itself to another program. When that program executes, the virus replicates itself as part of its function. Viruses do not necessarily damage a computer system or application, and they are usually introduced without the user's knowledge. It is possible for your computer to host a number of viruses and for you to never know.

Worms are programs that replicate themselves from system to system just as viruses do but do not become part of other programs or files. The distinction here may seem trivial, but it is in fact quite significant. Suppose a worm named playball.exe has appeared on your computer. Generally, you have to choose to execute the potentially harmful program for the worm to do its damage. In this example, the user might notice the program name while looking for some other file and execute it, believing it is some innocuous video game. There are various techniques the creator uses for tricking you or your computer, but the worm is generally not as effective as a virus. By contrast, suppose a virus appeared on your computer and attached itself to your word processing application. Every time you edit or create a new document, the virus will run, doing whatever it was written to do and attaching itself to yet another program on your computer.

When you think of a Trojan horse, you normally think of an application that pretends to be something other than what it really is in order to cause harm or mischief to your system. In the context that I'm discussing here, however, a Trojan horse may not necessarily be a destructive program, but rather something that merely causes unexpected behavior on your system. When the Trojan horse is introduced to your computer, it executes some kind of functionality--from something as seemingly harmless as displaying a message announcing its successful introduction to wreaking havoc on the operating system. A Trojan differs from a worm in that it does not replicate itself. In fact, it may even clean up after itself, leaving no trace of its existence.

To summarize, a virus is a malapp that replicates itself and becomes part of other applications or programs on your computer or device. A worm is a malapp that can replicate itself but does not become part of another program. And a Trojan is a malapp that neither becomes part of another program nor replicates itself, but does cause unexpected behavior.

How Do You Get a Virus?

Viruses do not appear out of thin air. Just as a person has to come in contact with another person or thing to catch a virus, so does a computer or device. If you take a Palm OS-based device as an example, contact occurs during a hot-sync, during an Internet connection, or when a user beams information to and receives information from another Palm device through an infrared data exchange.

Hot-sync? Beaming? What are these? A hot-sync is a method of synchronizing the information on a Palm device with a PC. To synchronize, you drop the Palm device into its hot-sync cradle, which is attached by wire to the PC, and then press the hot-sync button, which starts the synchronization programs on the Palm and PC. These programs access data stored on the Palm, such as datebook entries or even custom application data files, and typically update a database on the PC. Synchronization programs (called conduits) can also access information on the Internet via the PC and download it to the Palm device, or install new applications onto the Palm device.

Synchronization provides one opportunity for a virus to appear on your Palm. If a virus or other malapp gets into your PC, it can then position itself to install onto your Palm during the next hot-sync operation.

What about beaming? One of the most common methods for two people with Palm devices to share information and programs is to beam that information using the infrared ports built into every Palm device. Suppose I meet you at a business lunch and you have a Palm. After lunch, I might offer to beam you my business card, which is essentially just an address book entry that has my name, company, and phone number. After I beam it to you, you accept it into your address book. Suppose I then show you a great Palm program for managing sales contacts and you want the program on your Palm. I could easily beam that program to you just as I did my business card. If a virus or malapp has attached itself to an application that you are receiving from another Palm user, you will download that virus to your Palm device.

Some newer digital cellular phones also have infrared interfaces for sharing things such as phone book entries or even ring styles--those musical tunes that you sometimes hear cellular phones play--and simple arcade games. My phone lets me program my phone list over the Internet. In addition, by attaching a cable to my phone, I can change phone book entries from my laptop. In each of these cases, a virus has an opportunity to infect the software on the device.

The future will present more opportunities for viruses to travel to wireless devices. An example is a new radio technology called Bluetooth, a localized wireless network that promises to let users connect to peripherals and other users within several yards of them. In a worst-case scenario, the technology will let us send and receive viruses unwittingly.

How Can Viruses Affect a Wireless Device?

So I have a virus on my Palm. What's the big deal? The device holds only some address information and maybe some appointments. For many people, that on its own would be a big deal. I depend on my Palm to schedule dozens of meetings, weeks in advance, all over North America. If a meeting is deleted from my Palm, I don't go to the meeting. I lose the trust of that customer, and I lose my airfare when I don't show up for my flight.

Some people carry all their credit/debit card information, account passwords, and a host of confidential company and personal information on their Palms or other personal digital assistants (PDAs). If a Trojan installed itself on your PDA, one of the things it could do is send your password lists to the virus author every time you hot-sync or connect to the Internet--all without your knowledge. This would be especially disturbing if the PDA belongs to a computer operator who keeps the company's mainframe security officer account name and password on it.

The electronic phone book is one of the features of the cell phone that can cause the most damage to users today. If your phone book names and numbers were scrambled, you could find yourself dialing your mother's phone number when you think you're dialing the president of your biggest customer for that urgent conference call.

Some viruses may make their way to your PDA or phone without any intent to damage the information or programs on the device: The malapp's author may have something a little more sinister planned. For example, many companies issue PDAs to their sales force or their executive team as a means to plan meetings and keep in touch with one another about important company issues. To accomplish this, users synchronize the information on their PDAs with consolidated company schedule and information databases, which involves the hot-syncing process I discussed. If a user has contracted a malapp on his device or laptop, the malapp will then have an opportunity to replicate itself to the company's server and eventually to any devices that later hot-sync to that server.

What Viruses Have Appeared on Wireless Devices?

It may seem as if there are many opportunities for viruses to appear on wireless devices, but the applications most users run on them today are quite simple and don't make for very attractive hosts. Currently, the most complex programs are arcade-style games, which are also the programs most likely to be shared among PDA owners.

The first malapp to appear on any of these devices was a Trojan called Liberty Crack, which appeared on a Palm device back in August 2000. This malapp was directed at individuals who wanted to "crack" a shareware version of a program called Liberty (a program that lets users play Nintendo GameBoy games on a Palm) into a fully registered version of the software. A "crack" is a program that "fixes" (i.e., patches) a shareware program so that it behaves as a registered version without the user having to pay for it. This Trojan deleted the application data on the Palm. Users installed the malapp onto the Palm by hot-syncing to their laptop, by having it beamed by another unsuspecting user, or by downloading it to the Palm as an email attachment.

The next malapp to be identified was also a Palm Trojan and appeared in September 2000. This malapp arrived on the user's laptop using the normal techniques, such as email or untrusted software download, and then reached the Palm device through a hot-sync operation with the laptop. When executed, the program changed a flag on the icons of all the Palm programs so that the icons didn't appear, leading the user to believe that all of the programs were gone. This malapp written specifically for the Palm was detected before it could install itself onto any devices; there are no reports that it has affected any users. As with the Liberty Trojan, a user had to choose to download the program to the Palm device.

The third malapp to appear on any of these devices was a true virus. Appearing on a Palm in September 2000, the virus overwrote a portion of every third-party program on the device. When a user called one of these programs, the newly injected code executed, drew a rectangle on the Palm screen, made sure all uninfected programs installed on the Palm were then infected, and finally failed. The virus affected only a small number of PDAs and was contained quickly.

You may have noticed that all of the malapps I've described target Palm devices. Why is this? Any explanation would be speculation at best, but you could say that the odds are against the Palm devices. According to Palm, Palm OS devices account for more than 75% of all PDAs sold and more than 95% of all corporate-issued PDAs. Given that virus authors tend to write viruses for maximum feedback (i.e., anonymous notoriety), if there is a PDA platform to infiltrate, Palm is it.

There are many more digital cellular phones than PDAs, so why are there no reported viruses for those devices? Based on the same analysis I used for PDAs, this wouldn't seem to make sense. But in reality, there are relatively few Web-enabled phones, and many of the owners of these devices do not use this capability. So writing viruses and malapps for digital cellular phones is a low-yield undertaking.

More than 53,000 viruses have been identified in the Windows world to date. Assuming only three viruses have been found for wireless devices so far, you might think I have exaggerated the possibilities. This is not true. One of the reasons for the disparity is that Windows has been around much longer than these wireless devices. There are many more installations of Windows, too. Another factor is that successful wireless malapps must be written in such a way that they can replicate themselves across a network of computers and eventually cross the boundary from one operating system (Windows) into another (Palm OS, Windows for Pocket PC, etc.).

How Can You Protect Your Wireless Device?

More than anything else, caution and common sense are your best protection against viruses. If you depend on your PDA or phone to make your appointments, keep your appointments, make your flights, etc., don't install every cool utility or game you come across, especially if you are unsure of the source and reliability of the programs.

Antivirus software has been available for PCs and PC servers for many years. Some of these tools have extensions built to watch over the information being sent to and from a PDA during a hot-sync operation. Still others have virus checkers that reside on the device to help prevent viruses from being installed by network connections, hot-sync operations, or infrared transfer.

McAfee.com (www.mcafee.com) and Symantec (www.norton.com), two leading antivirus software companies, offer software you can install on PC servers and on your laptop. The software can protect your network from viruses that might reach you through email or through files copied to the server by a client PC. When installed on your laptop, such products can protect your computer from viruses coming from unprotected networks or email. In addition, McAfee.com has a program called MARS (McAfee.com Anti-Virus Resident Scanner) that you install on your Palm device and use to scan your Palm for viruses.

These programs are not foolproof and will not always detect a virus. The reason for this is quite simple: A virus or malapp is really just a program like any other program, except that the author has intended for the program to cause some sort of mischief. It may be difficult for antivirus software to determine the intent of a program, but it is possible to recognize software that has caused havoc in the past. The way to do this is to keep a reference database of patterns that you can compare to anything you may be receiving on your computer or that is already on your computer--a fingerprint, if you will. It is important to keep this database as up-to-date as possible through your antivirus software provider.

If wireless viruses grow in number from three to anywhere near the 53,000 viruses known to exist in the PC world, users will have to think of more clever ways to detect malapps as they attempt to invade our devices, as the devices typically don't have the memory to store a large database of virus fingerprints.
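The fingerprint matching described above, and one way to fit it into a device with little memory, as an added example (not from the article, and not a description of how MARS or any other product works): a fixed-size Bloom filter serves as the on-device prefilter, and the full database on the PC confirms any hits during a hot-sync. The signature names, patterns, and sample bytes are constructed for illustration.

```python
import hashlib

WINDOW = 8  # bytes per fingerprint (assumed size for this example)

# Full reference database, kept on the PC. Names and patterns are constructed.
FULL_DB = {
    "constructed-sig-A": b"FAKESIG1",
    "constructed-sig-B": b"FAKESIG2",
}


class BloomFilter:
    """Fixed-size bit array: memory use does not grow with the number of fingerprints."""

    def __init__(self, size_bits=4096, hashes=4):
        self.size = size_bits
        self.hashes = hashes
        self.bits = bytearray(size_bits // 8)

    def _positions(self, item):
        digest = hashlib.sha256(item).digest()
        for i in range(self.hashes):
            yield int.from_bytes(digest[4 * i:4 * i + 4], "big") % self.size

    def add(self, item):
        for p in self._positions(item):
            self.bits[p // 8] |= 1 << (p % 8)

    def __contains__(self, item):
        return all(self.bits[p // 8] & (1 << (p % 8)) for p in self._positions(item))


# The device stores only this 512-byte filter, not the patterns themselves.
DEVICE_FILTER = BloomFilter()
for pattern in FULL_DB.values():
    DEVICE_FILTER.add(pattern)


def device_prefilter(data):
    """On-device pass: offsets whose window MAY match a known fingerprint.
    A Bloom filter can report false positives but never misses a stored pattern."""
    return [i for i in range(len(data) - WINDOW + 1)
            if data[i:i + WINDOW] in DEVICE_FILTER]


def confirm(data, offsets):
    """PC-side pass during sync: exact comparison against the full database."""
    by_pattern = {p: name for name, p in FULL_DB.items()}
    return sorted({by_pattern[data[i:i + WINDOW]] for i in offsets
                   if data[i:i + WINDOW] in by_pattern})


def scan(data):
    return confirm(data, device_prefilter(data))


# Constructed sample inputs (harmless byte strings).
INFECTED = b"app-header" + b"FAKESIG1" + b"rest of program"
CLEAN = b"ordinary address book record, nothing to see"
NOVEL = b"app-header" + b"NEWTHING" + b"rest of program"  # never fingerprinted

if __name__ == "__main__":
    for label, sample in [("infected", INFECTED), ("clean", CLEAN), ("novel", NOVEL)]:
        print(label, scan(sample))
```

The NOVEL sample goes undetected because nothing like it is in the database, which is the limitation the article describes: fingerprints recognize only software that has already been seen.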

A Modern-Day Frankenstein

If there is antivirus software available to protect your computer systems and writing malicious applications to attack wireless devices is so complex, why would anyone try to write such software? Dr. Frankenstein, in all his insecurity, persisted and succeeded to some extent in creating new life, even though he paid for his success in the end with his own life at the hands of his creation. Although it's not guaranteed, many virus authors meet their end, too, at the hands of law officers. Don't give them a chance: Protect yourself. Install antivirus software for your computer and your PDA, and treat all applications obtained from unknown sources as potential virus threats.

Andrew Vaiciunas is manager of presales (Canada and Eastern U.S.) at LANSA Inc.
