First Windows CE Virus Emerges

The virus, dubbed WinCE4.Duts, was sent to several anti-virus firms by its author over the weekend to prove that Pocket PCs and smart phones are vulnerable.
The first known virus aimed at Microsoft's Windows CE operating system was sent to several anti-virus firms by its author over the weekend to prove that Pocket PCs and smart phones are vulnerable to attack.

Dubbed WinCE4.Duts by most vendors, it's not out in the wild, according to BitDefender, a Romanian anti-virus firm that was among the first to report the virus. Like last month's Cabir, a virus that spread to cell phones via Bluetooth, Duts is a "proof-of-concept" code written to show that a vulnerability exists.

The virus' author uses the nickname "Ratter," and is a member of the same 29A hacker group that created Cabir, said BitDefender and other security vendors. 29A specializes in writing proof-of-concept code, and was also behind Rugrat, the first virus that attacked machines running 64-bit versions of Windows.

The virus displays a dialog box asking if it can spread, and if the user gives the OK, appends itself to .exe files on the device. It can only spread from one machine to another if users share infected programs, such as games.

Because Duts is not meant to propagate--users must be incredibly dumb to let it spread--"You're more likely to have a meteorite strike your house than be hit by this virus," Carole Theriault, security consultant at Sophos, said in a statement. "Owners of PDAs running the Pocket PC operating system shouldn't lose any sleep over this virus, although it might be a taste of things to come."

Although viruses and worms directed at mobile devices remain rare, security firms have been gearing up to secure handhelds and cell phones against attack.

And with good reason, said Eugene Kaspersky, the head of anti-virus research at Moscow-based Kaspersky Labs. "The events of the past month are really disturbing. The computer underground has pounced on the new opportunities offered by mobile devices, Kaspersky said in an E-mailed statement. "And now malicious programs are evolving in yet another direction, bringing the first global outbreak caused by a mobile virus closer and closer."

Editor's Choice
Brian T. Horowitz, Contributing Reporter
Samuel Greengard, Contributing Reporter
Nathan Eddy, Freelance Writer
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
Cynthia Harvey, Freelance Journalist, InformationWeek
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing