Anbei ein Auszug aus dem aktuellen Pandasoft Newsletter - gibt zu Denken:
Madrid, October 21 2005 - In today's Oxygen3 24h-365d we will be talking about the first specific malicious code -Format.A and Tahen (variants A and B)- designed to damage Sony's PSP (PlayStation Portable) and Nintendo DS.
These three Trojans, which have recently appeared, are extremely dangerous as their attacks delete critical files, and can even irreversibly render the console unusable in the case of PSP. In order to spread, Format.A is designed to imitate a tool developed to enable running unsigned code on PSP consoles. The Tahen Trojans, on the other hand, simulate homebrew applications for Nintendo DS. However, when users install them they overwrite certain areas of firmware (software embedded in certain hardware) on the Nintendo DS console and the G6, XGFlash, SuperCard and GBAMP devices (which allow cartridges to be recorded with software to run on the console).
At first glance, this looks like a serious problem as it can irreversibly affect expensive devices. However, if people use the consoles according to the manufacturers' instructions, the chances of infection are almost zero. Luis Corrons, director of PandaLabs, is doubtful that these malicious code can spread massively: "The videogame consoles are not designed for using third-party software. In order for the malicious codes detected so far to reach one of these consoles, users would have to voluntarily run applications from unauthorized sources. Remember that just as with PCs, downloading and running software from dubious sources is always a serious security risk."
In terms of future malicious code for videogame consoles, Corrons doesn't believe they will become a serious cause for concern. "At present, all we can say with certainty is that malicious code similar to that so far detected will continue to appear, given that the instructions for creating them are readily available on the Internet.
The chances of malicious code appearing that represent a serious threat to all users of these devices depend largely on the functionalities that developers include in the new versions of these products and the corresponding security measures implemented."
To prevent attack from malicious code that affects videogame consoles, PandaLabs offers the following advice:
- Don't insert UMD disks or memory sticks for PSP or DS cartridges that have not been recorded by an authorized developer.
- Don't establish external communication (USB, IrDA or WiFi) with non-trusted consoles or computers that could transfer unwanted information.
- Don't try to run applications from unauthorized developers on the video console.
- If nevertheless, you want to install a software packet on the console, it should be previously scanned on a computer with a reliable and up-to-date antivirus.
PS: Panda Software ist ein kleiner aber feiner Hersteller von AV Lösungen, und dieses Mail ist sicher kein Fake