First PDA Trojan hits
Kaspersky Labs claims to have unearthed the first backdoor malicious code to attack PDAs running the Pocket PC operating system.
Kaspersky Labs has detected Backdoor.WinCE.Brador.a, the first Trojan for PDAs running under PocketPC, which is based on Windows CE. Brador is 5632 bytes in size and opens the infected machine for remote administration. After the backdoor is launched, it creates the svchost.exe file in the Windows autorun folder, thus maintaining full control over the system every time the handheld is turned on.
Brador then identifies the machine’s IP address and sends it to the author, informing him that the handheld is on the internet and the backdoor is active. Finally, Brador opens port 44299 and waits for further commands.
Brador is created to allow the author full control over the infected PDA via the port that the Trojan opens. Brador is programmed to upload and download files and execute a series of further commands.
The good news is that like all backdoors, Brador cannot spread by itself. It arrives as an e-mail attachment or can be downloaded from the internet or uploaded along with
other data from a desktop PC.
”We were certain that a viable malicious program for PDAs would appear soon after the first proof of concept viruses emerged for mobile phones and Windows Mobile", says Eugene Kaspersky, head of anti-virus research at Kaspersky Labs.
“WinCE.Brador.a is a full-scale malicious program that is ready to go. unlike proof of concept malware, Brador has a complete set of destructive functions that are typical of backdoors,” says Kaspersky.
Brador was probably written by a Russian virus coder. The Trojan was attached to an email with a Russian sender and Russian text inside.
"PDA users face a real danger and we can be sure that the computer underground will snatch at the chance to attack PDAs and mobile phones," adds Kaspersky.
"Malware development for mobiles is passing through the same stages as malware for desktops. We will probably see a serious outbreak of viruses for handhelds sometime
soon," he explains.