But all the company had was the binary, and the results of its own blind reverse engineering process.
So, Airscanner decided to communicate with the virus's creator to see if he would be willing to offer a more detailed analysis, with the goal of developing better protections against this new class of virus. The result is a fascinating three-part series at informIT.com, co-authored by Airscanner's CEO and vice president together with the virus creator, an apparently legitimate security researcher who calls himself "Ratter/29A."
WinCE4.Dust is described as a "low-risk" virus that does no harm to infected devices and was created as a proof-of-concept only. The authors point out that some in the antivirus industry oppose publishing proof-of-concept code and methods of defense, preferring to keep it "within a closed priesthood of self-proclaimed 'experts'." The authors, on the other hand, say they believe in "responsible full disclosure."
That said, Ratter/29A discusses the 29A group of virus writers and their motivation in developing proof-of-concept viruses. He then goes on to describe in considerable detail the source code of WinCE4.Dust and the Windows CE weaknesses that it exploits.