Ppc Viruses Are Coming!!!! - Page 2

0wolfe · #11 (**permalink**) 10-20-2008, 07:54 PM

kaspersky also make a a PPC backround virus software.

ny152 · #12 (**permalink**) 10-21-2008, 05:36 AM

There's a FREEWARE Spybot version for Windows Mobile... go here for info and d/l:

http://www.download.com/Spybot-Searc...dlPid=10575061

Aniken · #13 (**permalink**) 10-21-2008, 06:15 AM

There is a well documented issue with Active Sync and it's ability to "crossover" a trojan from your PPC. I agree that a "three-finger salute" would solve the problem but the loss of data as noted in the article following the link would for sure be a pain in the *** if your in the field.

http://news.zdnet.co.uk/hardware/0,1...9254952,00.htm

**dannzeman** · #14 (**permalink**) 10-21-2008, 06:58 PM

Quote:

Originally Posted by Aniken

There is a well documented issue with Active Sync and it's ability to "crossover" a trojan from your PPC. I agree that a "three-finger salute" would solve the problem but the loss of data as noted in the article following the link would for sure be a pain in the *** if your in the field.

http://news.zdnet.co.uk/hardware/0,1...9254952,00.htm

Wow, not to slam you or anything but that article was published in March of 2006. I think desktop AV software has progressed enough since then to catch that. Even so, all of us here are pretty much on the edge of mobile tech news and if some virus did show up we'd pretty well informed about it.

http://www.wmexperts.com/articles/ed...are_mobil.html

Aniken · #15 (**permalink**) 10-21-2008, 07:34 PM

I would definitely agree that for the most part... some posters are among the smartest using a PPC.
However, I think you missed the entire point of my post. Although your PC, my PC or most any PC running a decent AV would ultimately block or remove a virus, you have to agree that any data loss on a your PPC, well maybe not yours, would not be warmly received. I too can find articles that disagree with your post. Hence the following....Please remember your not always right.

A Simple Sync Can 'Sink' Your PC

Researchers release proof-of-concept for attack on Windows' ActiveSync 4.0

SEPTEMBER 30, 2008 | Careful when you sync your mobile handset with your PC: Researchers have found a way to hack their way into a PC that runs Microsoft’s ActiveSync 4.0.

White Wolf Security has released proof-of-concept code called ActiveSink that demonstrates how an attacker could use ActiveSync 4.0 to hack into a PC via an attached Windows Mobile device. “The vulnerability is that all an attacker needs to do is plug in a Windows Mobile device to a PC with ActiveSync installed -- in its default mode -- and the mobile device will establish a direct TCP/IP connection to the host PC. This happens whether or not the users account is locked,” says Seth Fogie, chief security officer at White Wolf Security and vice president of Airscanner Corp. “Once the connection is established, then it is a matter of penetration testing and exploitation.”

Fogie says it’s basically yet another method of bypassing a firewall. He contacted Microsoft about the vulnerability over a month ago, and was told someone would get back with him, but so far, no word.

At the heart of the problem is the so-called Remote Network Driver Interface Specification (RNDIS) Microsoft added to version 4.0 of the syncing application, which basically opens the door for an attacker, according to White Wolf’s research.

Fogie describes AppSink this way: It creates a user account on the targeted system and establishes a “reverse-shell” on it and back to the Windows Mobile device. The attacker would plug his Windows Mobile device into the targeted system and “tuck it behind” it, Fogie says, and use tools like Metasploit or Wireshark to hack into the machine wirelessly via the mobile device. Once it found the vulnerable elements, it could then exploit them or add a new account on the victim’s PC to access data on the machine, he says.

This isn’t the first sync vulnerability discovered, but previous ones mostly have been man-in-the-middle or spoofing attacks, Fogie says. This one just goes after ActiveSync 4.0’s operations. “It only takes one vulnerable PC to actively sink your network's security — even if that PC is kept offline and/or behind a corporate firewall,”

**schettj** · #16 (**permalink**) 10-21-2008, 07:47 PM

So, just to recap in case you didn't understand it...

When you connect any device it creates a local network between itself and the PC - so it's now "inside" the corporate firewall, talking to exactly 1 PC (yours) as if it were a peer node on the local network.

So, then, you run something like ICS on the winmo, and you connect to it, and then you can start probing the one PC its connected to to find something on the PC you can exploit via a network connection.

Most/many firewalls will by default firewall the RNDIS adapter, so if you're running one of those this assault dies there. Also, this assumes the PC is logged in with AS running and USB connection enabled. I'm reasonably sure if you're not LOGGED IN, there is 0 risk as well.

Frankly, if MR BAD HACKER is roaming my hallways looking to jack into a locked PC to see if its running activesync, I have MUCH BIGGER security issues*

* simple example. MR BAD walks in, finds a conference room with an open ethernet port, and drops in a wifi access point. If he's good, he drops about 15 of these around with ssid like "Corporate Trial Do not Use" "Testing" "Accounting" etc... with WPA enabled.

Then he goes outside, fires up his laptop, and has at the corporate network as a first class node.

But indeed, you should BE AFRAID and most importantly SEND MONEY TO SOMEONE TO FIX THIS!!!

Sheesh.

Aniken · #17 (**permalink**) 10-21-2008, 08:02 PM

Thanks again schettj, as I said "some posters are among the smartest using a PPC."

**dannzeman** · #18 (**permalink**) 10-21-2008, 08:43 PM

Aniken, I wasn't saying you were wrong and I was right. I was merely make the point that we as a community, or at least I myself, haven't heard a lot about viruses taking over our ppc's. I never said it wasn't possible or that they don't exist. I was just trying to make the point that I don't think AV software is needed on our phones yet and if viruses ever did get out that we'd be informed about it.

PocketPcUser · #19 (**permalink**) 10-22-2008, 12:19 AM

I think the bigger issue here, is not a "virus," but a "bug" that could be far more harmful. Here is the example:
You write a software code that performs a hard-reset, and boom, you are just as much in trouble, then having your device infected. This is where the real possiblity lies, but there is little to be done to prevent an attack like this.
Thus, since it is so easy to do, the AV companies (IMO) obviously are in charge of the development of both the AV products, and the viruses etc. too... Isn't hackers supposed to be relentless, with new viruses coming out each day?

Aniken · #20 (**permalink**) 10-22-2008, 06:45 AM

Quote:

Originally Posted by dannzeman

Aniken, I wasn't saying you were wrong and I was right. I was merely make the point that we as a community, or at least I myself, haven't heard a lot about viruses taking over our ppc's. I never said it wasn't possible or that they don't exist. I was just trying to make the point that I don't think AV software is needed on our phones yet and if viruses ever did get out that we'd be informed about it.

Dannzeman, I apologize. After reading your second response and thinking about PPCgeeks.com as a community, I realize that I may have jumped to conclusions and everyone is entitled to his or her opinion on any given subject.
I have looked through the postings here with great admiration and always come here searching for answers....Normally, I would never post if I didn't think what I was saying was for the better good of the community.
Again please accept my apology and continue to support PPCgeeks.