A backdoor trojan horse program has been found in the wild for Pocket PC devices. Meanwhile, mobile malware may be easier to write than expected.
Russian virus-tracking company Kaspersky Labs has stated that they have found and classified Backdoor.WinCE.Brador.a, the first full-fledged backdoor trojan program for Windows Mobile handhelds.
At only 6 KB, Brador works in the same fashion as desktop-targeted trojans. Arriving as an e-mail attachment or other seemingly benign file, it invites the user to open it and then installs a silent program on the device that opens up a port (44299 in this case) and then contacts the author to notify him that the device has been "owned". The author (or any other malicious party) can then send commands to the handheld remotely to upload or download files, transmit viruses, send spam messages, etc.
Brador is different from the Dust virus discovered last week in that Dust is just a proof-of-concept virus that contains no payload and in fact asks the user for permission to install itself before doing so. By contrast, Brador is a fully functional trojan horse program (named in honor of the wooden benevolent-seeming statue of the same name), and was discovered when an e-mail was received, in Russian, claiming to offer the receiver the client portion of the trojan, which is used to access infected systems and make use of them. Such a practice is increasingly common for desktop viruses and trojans, and in fact a large percentage of spam e-mails are sent from infected home PCs, the owners of which have no idea what their computer is doing.
That may be just the beginning, however. At this week's Black Hat Briefings seminar in Las Vegas, Seth Fogie, Vice President of Airscanner, demonstrated several other proof-of-concept malware programs for ARM-based Windows Mobile handhelds. These include a keystroke logger, a virtual remote control application, and an FTP server that can easily be hidden from the user. Although none of the applications shown are currently active and in the wild, Fogie claims that they would be easy for someone to modify properly to cause considerable havoc. Fogie pointed out that his own company makes security software for Windows Mobile handhelds, and is developing a software firewall for Microsoft-based handhelds.