iPod Proof-of-Concept Virus: No Teeth, No Legs

It was only a matter of time before someone developed a proof-of-concept virus aimed at the iPod. Discovered by Kaspersky Lab, the virus is a file that can be launched and run on an iPod.

The good news for the majority of iPod users is that Linux must be installed on the device for the virus to function; iPods running Linux are a decidedly smaller subset. If the virus, dubbed "Podloso," should manage to latch onto such an iPod, it would install itself in the folder that contains the program demo versions.

Once launched, according to Kaspersky Lab, the virus scans the device's hard disk and infects all executable .elf format files. When the user tries to access these files, a message is displayed on the screen that says, "You are infected with Oslo the first iPodLinux Virus."

Podloso is a typical proof-of-concept virus, according to Kaspersky, created in order to show that it is possible to infect a specific platform. Like most of the ballyhooed mobile phone viruses, Podloso is unable to spread.

Eroding Aura

Still, its emergence is disconcerting to Apple (Nasdaq: AAPL) users who have watched the company's reputation for impeccable security become sullied over the past 18 months or so.

In 2006, the first worm targeting its iChat messaging system surfaced. Later, users were less than enchanted by revelations of Safari vulnerabilities.

iPods were the next Apple product to be visited by security woes. Last year, a small number of video iPods produced after Sept. 12, 2006, were reported to be harboring the RavMonE virus.

It didn't harm the iPod, but it theoretically could have affected Windows PCs when the device was plugged into a PC. Though Apple issued a formal apology for the glitch, it also pointed a finger at Microsoft (Nasdaq: MSFT).

The Next Vector

In general, USB (universal serial bus)-based devices are an accident waiting to happen, said Paul Henry, vice president of technology evangelism at Secure Computing.

"What is happening with the iPods does not surprise me," he told MacNewsWorld. "There have been a number of different threats emerging over the last few years in this area."

These threats -- software programs or hacking tools -- either target the USB port or the PC as a vector for malware and leave a company vulnerable to Sarbanes-Oxley violations or the mishandling of consumer data.

"Hacking tools are being devised so if you can get physical access to a PC in a network you can wreak all kinds of havoc without leaving a trace," Henry said.