WinCE/Duts.A - Released Jul 17, 2004 - Last Updated Jul 23, 2004
|
Alias/esWinCE/Duts.1520.A, WinCE4.Dust |
Detection Availability
|
Visible SymptomsThis threat is detected first with AV database update version 4.408. Detection for this threat was adjusted in v4.412.
|
Detailed Analysis
Specifics
This is a Windows CE (also known as Pocket PC) specific
threat. This virus is little more than a proof-of-concept
virus, a proof that a virus could infect the Windows
CE platform.
This virus seeks to infect files which are not already
infected. Infected files are marked by the virus with
a byte string inserted into the file header - the hex
byte string is 61 74 61 72 which translates to 'atar'.
The virus attempts to infect .EXE files on the host
system, and in the root folder. WinCE/Duts infects files
by appending its code, and modifying the entry point
to run the appended code.
Miscellaneous
This virus contains these text strings in the virus
body -
- This code arose from the dust of Permutation City
- WinCE4.Dust by Ratter/29A
Dear User, am I allowed to spread?
- This is proof of concept code. Also, i wanted to
make avers happy.The situation when Pocket PC antiviruses
detect only EICAR file had to end ...
|
Recommended Action
- Check the main screen using the web interface for
your FortiGate unit to ensure that the latest AV/NIDS
database has been downloaded and installed on your
system - if required, enable the "Allow Push
Update" option
|
