Security threats Toolkit

First handheld Trojan emerges

Tags:
Viruses,
Pocket PC,
Handheld,
Trojan Horse

Ina Fried CNET News

Published: 06 Aug 2004 08:40 BST

A malicious Trojan horse program has emerged for Pocket PCs, antivirus companies said on Thursday, but they characterised the threat as relatively low.

The program, known alternately as Backdoor.Bardor.A and WinCE.Brador.a, lets an attacker gain full control of the handheld and is the first such "backdoor Trojan" program to emerge for Pocket PCs. However, such backdoor programs are not capable of propagating on their own and instead must be sent as email attachments or through similar means, making them less dangerous.

Symantec rated the bug a "1," the lowest on its five-point scale. In a statement, the company offered the standard warning not to open or execute files from unknown sources.

"Backdoor server and Trojan horse programs often use enticing file names to trick users into executing them," said Oliver Friedrichs, senior manager, Symantec Security Response. The bug appears to be limited to devices that use an ARM processor and Microsoft's Pocket PC operating systems, Symantec said.

Last month, researchers identified the first Windows CE virus, which researchers said was mostly a "proof-of-concept" bug, or one designed to demonstrate its own feasibility.

"We were certain that a viable malicious program for PDAs would appear soon after the first proof-of-concept viruses emerged for mobile phones and Windows Mobile," Eugene Kaspersky, head of Anti-Virus Research at Kaspersky Labs, said in a statement. "WinCE.Brador.a is a full-scale malicious program ready to go: unlike proof-of-concept malware (malicious software), Brador has a complete set of destructive functions typical for back doors."

Kaspersky Labs said it believes the bug was probably written by a Russian virus coder, noting that the version it saw was attached to an email with a Russian sender address and Russian text inside.

The antivirus company said the author was offering to sell the client part of the Trojan to all interested parties, which could put control of infected systems in the hands of buyers. Those buyers could in turn rent the systems out to malicious hackers to use in attacks or to spammers, who could use them to send out junk email. Such rent-a-zombie schemes have surfaced before, with Scotland Yard investigating one just last month.

Although there have not been many attacks aimed at handhelds and cellphones, antivirus companies and hardware makers have for some time been developing security and antivirus products for such gadgets.

"We can be sure that the computer underground will snatch at the chance to attack PDAs and mobile phones in the nearest future," Kaspersky said.

Microsoft said in a statement that they are investigating reports of the virus.

"Microsoft is currently not aware of any customers being impacted at this time but will continue to investigate the situation to provide appropriate guidance for customers," the company said. It recommended that customers install virus-protection software on their handhelds and also that they activate the password-protection features on the device.