VirusWinCE/Duts.A
Analysis
Specifics
This is a Windows CE (also known as Pocket PC) specific
threat. This virus is little more than a proof-of-concept
virus, a proof that a virus could infect the Windows
CE platform.
This virus seeks to infect files which are not already infected. Infected files are marked by the virus with a byte string inserted into the file header - the hex byte string is 61 74 61 72 which translates to 'atar'.
The virus attempts to infect .EXE files on the host system, and in the root folder. WinCE/Duts infects files by appending its code, and modifying the entry point to run the appended code.
Miscellaneous
This virus contains these text strings in the virus
body -
- This code arose from the dust of Permutation City
- WinCE4.Dust by Ratter/29A
Dear User, am I allowed to spread?
- This is proof of concept code. Also, i wanted to make avers happy.The situation when Pocket PC antiviruses detect only EICAR file had to end ...
Recommended Action
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option
Telemetry
Detection Availability
| FortiGate | |
|---|---|
| Extended | |
| FortiClient | |
| FortiMail | |
| FortiSandbox | |
| FortiWeb | |
| Web Application Firewall | |
| FortiIsolator | |
| FortiDeceptor | |
| FortiEDR |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2020-01-06 | 74.33900 | Sig Added |