The first known Trojan horse aimed at handhelds struck late last week. A Trojan horse is a malicious program that appears to be legitimate, which is often attached to free gaming software. Trojan horses can locate password information, make systems more susceptible to future entry, or sabotage data on a user's hard disk.
Developed by a software programmer, the Liberty Crack program, as the Palm Trojan horse is now known, appeared as a free version of Gambit Studios LLC's Liberty GameBoy emulation software for the Palm. Once Liberty Crack executes, it could delete all of the applications on a Palm device. Trojan horses typically mimic legitimate programs but do not replicate themselves.
At the moment, the Trojan horse doesn't seem to warrant too much concern. A fix has already been posted and Palm users have the ability to synchronize their devices with their PC to retrieve lost data.
Virus experts at Network Associates's McAfee division, however, claim that this initial incident may pave the way for hackers interested in attacking increasingly popular PDAs (personal digital assistants) and other wireless devices.
Ryan McGee, product marketing manager at McAfee, said that Palm looked at the workings of the Timofónica virus released in Spain in July as the first hint of possible attacks on PDAs and handhelds. The Timofónica virus could send copies of itself to contacts in a victim's address book and then send short messages to mobile phones. With the virus making its way into wireless devices, McGee said that McAfee began work on a antivirus scanner.
"As an application or device gains popularity, it becomes an attractive target for virus writers," McGee said. With that in mind, McAfee developed software to scan the Palm operating system as well as rival offerings -- Symbian's EPOC OS and Microsoft's Windows CE OS.
McGee said that he would not be surprised to see the first full-fledged virus directed toward PDAs within a year. The more advanced memory capabilities of these devices make them an immediate target, McGee noted, adding that cell phones may also face similar tests in the future. "Any time a device has the capability to access a network or another device, it is dangerous," he said.