Johannesburg, 12 Apr 2007
A virus designed to contaminate iPod portable media players has been identified, with Symantec and Kaspersky agreeing it is the first of its kind.
Premlan Padayachi, consumer country manager for Symantec Africa, says the virus is a proof-of-concept program, designed to show these devices can be infected, as opposed to posing a real threat.
Dubbed Podoslo, after its creater, Oslo, the virus is designed to run on iPod Linux. "There is nothing iPod-specific in the virus code, it is just another proof-of-concept Linux virus," says Padayachi.
iPod Linux is a software project that allows a user to run a different operating system, Linux, directly on an iPod, he explains. When the iPod is switched on, the user sees a Linux interface instead of the usual Apple interface. This virus runs within that particular Linux framework and infects the files that are part of that operating system.
He says the virus arrives as a file called "oslo.mod.so" and infects specific iPod Linux files on the compromised device. "A user would need to manually copy an infected file to the device in order to infect an iPod, as it has no way to leave the device on its own."
Once executed, the virus searches the "/usr/lib" directory and all subdirectories for files containing the string "mod.so" in the file name. He says the virus then checks inside files to determine if it is a Linux file and currently not infected. When an infected file is executed, it will infect other files, but it will no longer run the host code.
The virus will display the following message on the iPod screen, once the infection routine is completed: "You are infected with Oslo, the first iPod Linux virus." He says the virus displays a greetings message on the iPod screen when Linux is shut down.
"This shows that, eventually, a virus writer will target any operating system on any platform, just to show that it can be done," he concludes.
Related story:
Microsoft takes on iPod market
Share