Overview
This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.
|
Minimum DAT
4094 (2000-09-06) Updated DAT4094 (2000-09-06) |
Minimum Engine
5.1.00 File Length2,663 |
Description Added
2000-08-28 Description Modified2000-09-05 |
Malware Proliferation
Characteristics
It arrives masquerading as a "crack" for an application called "Liberty" which allows a PalmOS device to run Nintendo GameBoy games. The crack claims to convert the freely available shareware version of "Liberty" into the full registered version. When run, however, the trojan attempts to delete all applications from the handheld and then reboot it.
AVERT recommends that PalmOS users add ".PRC" to the file extensions scanned, for protection.
The trojan was initially distributed on IRC by a co-author of the "Liberty" application.
Symptoms
On a PC, the trojan will appear as a file named "liberty_1_1_crack.prc" with a size of 2,663 bytes.
Method of Infection
The trojan is generally installed to a PalmOS device from a host computer during a HotSync operation. It can also be beamed from one Palm device to another via infrared. It is possible for OmniSky wireless internet users to receive this trojan via e-mail as an attachment.
Removal
Use specified engine and DAT files for detection and removal with the scan "all files" setting enabled. The trojan may also be deleted from the PalmOS device manually.
Variants