1

Wireless Threats 4 – Airborne Viruses

Airborne Viruses in Chapter 8 of Wireless Maximum Security by Peikari, C. and Fogie, S.

2

Airborne Viruses

Airborne Viruses
Virus Overview
Virus Prevention
Trojans
Hostile Web Pages and Scripting
Palm OS
Windows CE.NET
Handsets

3

Airborne Viruses

Malicious virus writers have a passion for “owning” new technology.

The motivation for malicious virus writers:

Feeling the thrill of “cracking” a new technology or platform
Gaining publicity in the IT and popular press
Earning the respect of their malicious peers
Breaking the record for most widespread infection

4

Airborne Virus - Example

Phage virus was the first to attack the Palm OS handheld platform. This virus, when executed, infects all third-party application programs.

The virus transmits itself along with infected files.

With distributed programming platforms such as .NET combined with mobile Microsoft platforms such as Windows CE, the potential for viruses could be even greater.

The Visual Basic Script (VBS)-based Timofonica Trojan horse virus hit a wireless network. Like “I Love You”, it appends itself and spreads through your contact list.

5

Airborne Virus - Example

In Japan, a virus that sent a particular message to users on the network attacked the NTT DoCoMo i-mode system.

Unsuspecting users who received the message received a hypertext link to click. Unfortunately, this link automatically dialed an emergency service number, causing the emergency response service to overload.

6

Virus Overview – Brief Introduction

Viruses

A computer virus is a program that has the capability to reproduce itself into other files or programs on the infected system and/or systems connected via a network.

A virus must have human interaction in order to spread. This means that a human must physically launch the program that contains the malicious instructions.

A virus must infect the host machine but the computer operator is responsible for the spread of a virus.

7

Virus

Three factors which determine how far and wide it will spread:

The social attraction of the virus
The reproductive aspect of a virus
The payload of the virus

The social attraction of the virus – the “I Love You” attack on Valentine's Day.

The reproductive aspect of a virus – keeps the virus alive and spreading.

The payload – how often it copies itself into system files and adjusts the settings of your computer, e.g. a Word virus.

8

Virus

A virus, once executed, will begin its work.

A virus will often copy itself into system files and adjust the settings of your computer to fulfill its requirement for multiple execution.

Different types of viruses attach themselves to their host systems in different places.

A macro virus – a macro is a set of commands that requires an interpreting program for execution. A VBA (Visual Basic for Applications, in Microsoft Office) macro is corrupted with a virus, e.g. Melissa.

9

Virus – a macro virus

Melissa virus ties right into VBA through Outlook.

Melissa reproduces itself and mails itself to everyone in the infected computer’s address book.

The recipients, trusting the sender of the email, open the email and thereby infect themselves; they in turn infect everyone else in their respective address books.

10

Virus – a file infector

A file infector attaches itself to another file and is executed when the host file is launched.

E.g. if a virus infects the autoexec.bat file, the virus is executed every time your computer is started.

Prevention:

Never launch a program without knowing its result.
Do not trust attachments, even if it appears that your friend sent them.

11

Worm

A worm “lives” and in how it infects other computers.

A worm needs no human interference or stimulation after it is released. It finds holes – it detects another computer on a network and automatically writes itself to that computer.

A worm can delete, overwrite, or modify files just as a virus can.

A worm is a program that can run independently, will consume the resources of its host from within in order to maintain itself, and can propagate a complete working version of itself on to other machines.

12

Worm

The Morris Worm, in 1988 at MIT, infected a large university mainframe computer and affected thousands of students.

“I Love You” worm copied itself into several different types of files on the connected computer and then waited for someone to open what they assumed was a simple picture or Web page file. This caused $15 billion in damages.

13

Trojan Horses (Trojans)

A Trojan actually allows others to own your computer and the information stored on it.

It creates a backdoor into the infected computer through which any instructions can be sent. The damage depends on the imagination of the person who is sending the instructions.

14

Trojan Horses - Examples

Netbus and Back Orifice

Remote logon function is a Trojan

Trojans run hidden programs in victims’ computers which spy on and control the computers.

15

Trojan – How a Trojan works

Every Trojan has both a client and a server.

The server is installed on your computer whereas the client is installed on the hacker’s remote computer.

Hackers use the client program to connect to the matching server program running on your computer, thus giving themselves a backdoor into your files.

When the server side of a Trojan opens a port, it is waiting for commands from its corresponding client.

The server performs the request and sends back any information requested. The port is just a virtual doorway.

Modern Trojans change ports and even disguise themselves by sending data through innocuous ports or by encrypting the communication between client and server.

16

Virus Prevention

You must NEVER open a file/program unless you are 100% sure it is not infected.

Use an up-to-date virus protection program; the virus protection software will alert you and will quarantine the infected file.

Your goal is to detect the virus before it causes any harm.

Use port scanning for suspicious Trojan programs
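
The listening-port behaviour from the "How a Trojan works" slide and the port-scanning advice above can be checked on your own machine. The following is an added example, not part of the original slides: it parses `netstat -an` output and flags listeners on the commonly documented default ports of NetBus and Back Orifice, plus any listener missing from an allowlist, since modern Trojans change ports. The port table, the sample output and the allowlist are assumptions constructed for illustration.

```python
import re

# Commonly documented default ports for the two Trojans named on the slides
# (an assumption added here). Modern Trojans change ports, hence the allowlist.
KNOWN_TROJAN_PORTS = {
    ("tcp", 12345): "NetBus",
    ("tcp", 12346): "NetBus",
    ("udp", 31337): "Back Orifice",
}

# Constructed sample of `netstat -an` output (Windows layout), not real data.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     203.0.113.7:443        ESTABLISHED
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
  UDP    0.0.0.0:31337          *:*
  UDP    0.0.0.0:123            *:*
"""

LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s*(\S*)\s*$", re.I)

def listening_sockets(netstat_text):
    """Yield (proto, port) for every socket waiting for inbound traffic."""
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header or unparseable line
        proto, _addr, port, _foreign, state = m.groups()
        proto = proto.lower()
        # TCP servers show LISTENING; bound UDP sockets have no state column.
        if (proto == "tcp" and state.upper() == "LISTENING") or proto == "udp":
            yield proto, int(port)

def audit(netstat_text, allowed):
    """Return findings sorted by protocol and port."""
    findings = []
    for key in sorted(set(listening_sockets(netstat_text))):
        if key in KNOWN_TROJAN_PORTS:
            findings.append(key + ("known default: " + KNOWN_TROJAN_PORTS[key],))
        elif key not in allowed:
            findings.append(key + ("not in allowlist",))
    return findings

if __name__ == "__main__":
    expected = {("tcp", 135), ("tcp", 445), ("udp", 123)}  # constructed allowlist
    print(audit(SAMPLE_NETSTAT, expected))
```

A hit on a known default port is only a lead: confirm which process owns the socket before treating the machine as infected.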

17

Hostile Web Pages and Scripting

Through scripting languages, Web page operators can upload and download files to your device. They can also install mini-programs or grab information from you that can be used to destroy or take over your computer.

Scripting languages are built into HTML => malicious code.

Use the security features wisely.

18

Palm OS – different architecture from desktop computers

Potential methods of infection:

When the handheld is synchronized with its desktop counterpart, it passes the infection, much like the slow floppy disk infections.

A virus could “wrap” a Palm-specific virus in a desktop virus; the desktop anti-virus software might then not detect it. A user executes the file and releases the Palm-specific virus.

Malicious code passed by infrared beaming.

A broadcast virus would totally bypass anti-virus

19

Palm OS - Phage

Palm virus was discovered in Sept. 2000.

It displays a gray box that covers the screen, and infects all other applications on the Palm.

Delete any occurrence of the file phage.prc from your backup folder

20

Palm OS – Liberty Crack

A Trojan allows you to run Nintendo Game Boy games on the Palm OS.

The authors of Liberty decided to pay back the pirates by releasing a crack for Liberty that was actually a virus.

Ethics – No matter how much you dislike someone, it is wrong to unleash uncontrolled, replicating viruses in the wild

Removal: delete liberty_1_1crack.prc

21

Palm OS – Vapor

All application icons will vanish as if deleted – the virus simply removes the icons from the display.

To counter this, simply re-install your file system

22

Viruses on Windows CE.NET

A triumph as the primary operating system of Internet-enabled smart phones

Search for Windows CE viruses on Yahoo

23

Handset Viruses

SMS (Short message system)

Japan: SMS to visit a Web page => 110 (emergency no. in Japan)

Scandinavia: it locked out the handset button => DoS attack

24

Summary

It is only a matter of time before all mobile platforms are vulnerable.