Watch CBS News
X-SciTech

First Palm Pilot Trojan Horse Appears

/ CBS/AP

Add CBS News on Google

Antivirus experts are warning consumers about the first intentionally destructive program for Palm handheld computers: it appears as an update to a Palm program, but instead deletes all programs on the device.

The author of the program says he didn't mean for it to go public and that he's helping antivirus companies detect it.

The program, a type known as a Trojan horse, has been dubbed "Palm.Liberty.A." Liberty is a popular Palm program, made by Gambit Studios, that lets users download and play games made for the Nintendo GameBoy handheld computer.

Liberty is distributed as a "shareware" program, meaning that users are expected to try the program out and, if they like it, pay for a full-featured version. But as with many shareware programs, hackers have developed "crack" — downloads that allow software pirates to use the full version without payment.

Palm.Liberty.A is being distributed under the name "Crack 1.1" through Internet Relay Chat, a network of chatting channels. When run, it deletes all the programs on the user's Palm device, though it leaves the address book data, calendar and other databases intact.
Antivirus companies said they have not received any infection reports. But it is fairly easy for a hacker to modify the program and re-release it in a more dangerous form, similar to the many versions of the "Love Bug" virus that have come out since the first outbreak.

"It will definitely get attention," said Vincent Weafer, director of Symantec Corp.'s Anti-Virus Research Center in Cupertino, Calif. "I believe we've opened a Pandora's Box on some handheld devices."

Palm.Liberty.A affects Palm handheld computers and the Handspring Visor computers, which use the same operating system. It can be downloaded from a desktop computer or transmitted through the device's infrared communications port. Several virus companies offer software that detects and removes the program.

The person who wrote the program was also one of the developers of Liberty.

"The whole purpose of my research was to investigate anti-cracking, and assist developers stop cracking," said Aaron Ardiri, a Swedish software developer who also teaches at the University of Gavle in Sweden. "It is nothing about being malicious to the hacker."

Ardiri said he created the program to sweep off unwanted programs without harming a user's data, and he gave an early version to several of his friends. He said he decided not to release it because it might cause harm, but he said a friend posted it on an Internet Relay Chat channel without his knowledge.

Now it has found its way to Web sites. Ardiri has given a program to antivirus companies that detects Palm.Liberty.A and has tried other meanto head off an outbreak since it was released last Thursday evening.

"They're still distributing the file, and I can't get them to stop it. I'm trying to do everything to stop this thing," he said. "I don't know what to do, I've come to a dead end. I'm just waiting for the dust to settle."

By D. IAN HOPPER
©2000 The Associated Press. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed

© 2000 CBS Interactive Inc. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed. The Associated Press contributed to this report.

View CBS News In
CBS News App Open
Chrome Safari Continue