Calculating the Risk of Infection 

May 31, 2007 03:00 AM

A new virus has appeared for a new platform. Nothing really new about that, except that this time, the platform is a... calculator. Yes, the Texas Instruments TI89 is now the target of infection. The TI calculators are very powerful, and allow modules to be installed in the RAM. There are thousands of applications already, lots of games, hacks to display grayscale instead of just black and white, and of course lots of mathematics routines.

We don't even have a name yet for this virus, because we're still in the process of deciding on a proper platform name. TI89 is not accurate enough, since it's the underlying software layer that determines if the code can run, rather than the hardware. It might be AMS, after the name of the ROM software. Anyway, we'll see.

The virus itself is interesting, since it is not only a parasitic infector of other modules, but also entry-point obscuring. That is, instead of simply changing the entry point of a module to point directly to the virus code, the virus searches within the module for a particular set of instructions, and overwrites those to point to the virus code. Detection isn't greatly hindered by that, but repairing a file infected in that way is a bit more complicated.

The real problem is that we don't seem to have a scanner for that platform. :-)

Update: The virus has now been named TIOS.Tigraa, and the writeup is posted here.      
