A Russian antivirus company has reported a proof-of-concept virus that runs in iPodLinux (an open source port of Linux in iPod) on top of Podzilla 2 user interface. The virus which marks the infected files with “Oslo” was written by the same author of PE_IKOL.A. It has no destructive payload but merely shows the tux iPodLinux logo together with the following message. It registers itself in the /Extras/Demos menu section of the iPod.

You are infected with Oslo, the first iPodLinux Virus by [author].

The virus only infects ELF executable files (ends with mod.o) in the /usr/lib/ directory of iPod, recursively. It writes the copy of itself at the top of the host file and appends its marker (”Oslo”) at the bottom. It also attempts to show to the user some greetings when the iPodLinux was shutdown.
The virus being the first of its kind was used by the author to show that malware can run on iPodLinux platform even though it needs to be manually executed to trigger its infection routine.

If you're new here, you may want to subscribe to our RSS feed. Thanks for visiting!