Duts shows viruses for Windows Mobile a reality

17 Jul 2004
Virus News

Kaspersky Lab, a leading information security software developer, has detected Duts, the first virus for Windows Mobile. This is one of the most popular platforms for mobile devices such as PDAs and smartphones.

'Duts is a proof-of-concept malicious program; it demonstrates that Windows Mobile is vulnerable to infection. Our tests show that the virus can propagate effectively in such an environment,' said Eugene Kaspersky, Head of Anti-Virus Research at Kaspersky Lab. 'However, we don't expect a major outbreak - Duts is unable to spread independently, only infects a limited number of files, and signals its presence in the system when attempting to propagate.'

Duts was created by Ratter, the pseudonym of a virus writer who is an active member of the international group 29a. The group is well known for its proof-of-concept viruses, including the recent Cabir, the first worm for Symbian OS.

Duts is a classic parasitic virus and is 1520 bytes in size. It can penetrate mobile devices via email or the Internet, through removable memory, via synchronization with a PC or using Bluetooth technology.

Once the infected file is launched, the following dialogue box will be displayed:

If the user clicks yes, Duts penetrates all executable files larger than 4KB located in My Device (the root directory). When infecting, the virus writes itself to the end of the file and modifies the entry point. An empty header field will then be flagged with the text 'atar' to prevent re-infection of already infected files. Duts does not appear to have any destructive payload.

'The events of the past month are really disturing. The computer underground has pounced on the new opportunities offered by mobile devices. And now malicious programs are evolving in yet another direction, bringing the first global outbreak caused by a mobile virus closer and closer.' added Eugene Kaspersky.

Kaspersky Lab' antivirus databases already contain detection and removal routines for Duts. Kaspersky® Anti-Virus for PDAs running Windows CE can be downloaded here.