Malicious program aims for Pocket PCs

A malicious Trojan horse program has emerged for Pocket PCs, antivirus companies said Thursday, but they characterized the threat as relatively low.

The program, known alternately as Backdoor.Bardor.A and WinCE.Brador.a, lets an attacker gain full control of the handheld and is the first such "backdoor Trojan" program to emerge for Pocket PCs. However, such backdoor programs are not capable of propagating on their own and instead must be sent as e-mail attachments or through similar means, making them less dangerous.

Symantec rated the bug a "1," the lowest on its five-point scale. In a statement, the company offered the standard warning not to open or execute files from unknown sources.

"Backdoor server and Trojan horse programs often use enticing file names to trick users into executing them," said Oliver Friedrichs, senior manager at Symantec Security Response. The bug appears to be limited to devices that use an ARM processor and Microsoft's Pocket PC operating systems, Symantec said.

Last month, researchers identified the first Windows CE virus, which researchers said was mostly a "proof-of-concept" bug, or one designed to demonstrate its own feasibility.

"We were certain that a viable malicious program for PDAs would appear soon after the first proof-of-concept viruses emerged for mobile phones and Windows Mobile," Eugene Kaspersky, head of Anti-Virus Research at Kaspersky Labs, said in a statement. "WinCE.Brador.a is a full-scale malicious program ready to go: unlike proof-of-concept malware (malicious software), Brador has a complete set of destructive functions typical for back doors."

Kaspersky Labs said it believes the bug was probably written by a Russian virus coder, noting that the version it saw was attached to an e-mail with a Russian sender address and Russian text inside.

The antivirus company said the author was offering to sell the client part of the Trojan to all interested parties, which could put control of infected systems in the hands of buyers. Those buyers could in turn rent the systems out to malicious hackers to use in attacks or to spammers, who could use them to send out junk e-mail. Such rent-a-zombie schemes have surfaced before, with Scotland Yard investigating one just last month.

Although there have not been many attacks aimed at handhelds and cell phones, antivirus companies and hardware makers have for some time been developing security and antivirus products for such gadgets.

"We can be sure that the computer underground will snatch at the chance to attack PDAs and mobile phones in the nearest future," Kaspersky said.

Microsoft said in a statement that it is investigating reports of the virus.

"Microsoft is currently not aware of any customers being impacted at this time but will continue to investigate the situation to provide appropriate guidance for customers," the company said. It recommended that customers install virus-protection software on their handhelds and also that they activate the password protection features on the device.

[Jonathan]

Anther insecure PoS from Microsoft....thanks

If memory serves Palm has had one Trojan. Now here comes Microcrap with their own form of infection called Windows to screw up a relatively safe platform. I don?t know about anyone else but I?m sure has hell not running ANY antivirus software on my PDA.
How is it possible for Microcrap to design a platform almost from the ground up only 4 years ago and not take security into consideration?!?! Moronic idiots.

[David Arbogast]

Balance for the angry boy's comment

Hey yeah!
And while we are on the topic, how on earth Linus write an operating system kernel in just 6 months, and then with the help of thousands of pairs of volunteer developer eyes fail to make it secure and eliminate critical bugs?

psssh... lets just give up all software.

[Jim Harmon]

Proof of concept

I wonder how long it will be before a "proof of concept" virus is disseminated via OnStar?