Computerworld

Palm Trojan Horse Emerges

A Trojan Horse capable of wiping out applications on Palm Inc. devices reared its head this week but was downplayed by security experts as a nonthreat to Palm OS users at this time.

But the Liberty Trojan horse, which may come to be known as the first true PDA (personal digital assistant) malicious code, will likely invite a bevy of copycats to try their hand at thwarting security on these devices, security experts said.

"If there's a way to turn this into a virus, we're going to see it," said Dave Perry, a spokesman at Cupertino, Calif.-based Trend Micro.

The Trojan horse appears to have been distributed in the pirated software community as a "crack" for Gambit Studios' Liberty, an application that emulates a Nintendo Game Boy on a Palm OS, according to Graham Cluely, senior technology consultant at Wakefield, Mass.-based security company Sophos.

But rather than granting users crack capabilities, access to functionality they normally would get via registration, the Trojan horse, created by Liberty author and Swedish lecturer Aaron Ardiri, instead erased all programs on the Palm device.

"[Ardiri] renamed something which zaps people's Pilot to make them think it was something else. It's really not a threat," Cluely said. "Maybe the AV [anti-virus] community has to eat a bit of humble pie here and say we overreacted, because as far I know, there's been no reports of this one."

Security experts said there have been no reported cases of the Liberty Trojan horse affecting users, with word of the malicious code's capability spreading via newsgroups and message boards last week.

Users may restore infected Palm OS-based devices with the HotSync manager, setting the System conduit to "Desktop Overwrites Handheld," according to officials at Espoo, Finland-based F-Secure.

Ardiri admitted he never meant for the Liberty Trojan horse to be distributed. He said the program was instead launched into the wild by one of the few people made aware of it.

Although Ardiri's Trojan horse is potentially capable of affecting devices manufactured by Palm, Handspring, IBM, TRG, and Symbol Technologies, the nature of both Palm devices and a Trojan horse currently work against the likelihood of a widespread manifestation.

A Trojan horse, unlike a virus, burns itself out once it is activated, eliminating any future problems. And although Palm and PDA usage is on the rise, the majority of users refrain from linking these devices to critical business processes, said Frank Prince, senior analyst of e-business infrastructure at Cambridge, Mass.-based Forrester Research.

"[A Trojan horse] is not a disastrous threat because the portable device is usually not the device of record for information kept on it: that [information] lives on a server, laptop, or somewhere else," Prince commented. "People who are used to putting important things on those devices tend to treat them with more care."

In a matter of curious timing, this week Santa Clara, Calif.-based Network Associates released VirusScan Wireless.

The anti-virus software vendor says its new product can protect users of PDAs and other wireless devices from hacking and virus attacks.