Trojan hits Windows PDAs for first time

By , Network World
August 09, 2004 12:14 AM ET

Network World - After finding the third malicious program targeting wireless devices in fewer than 60 days, security specialists are warning that it's only a matter of time before attackers launch a serious attack against mobile phones and PDAs.

Kaspersky Labs last week reported the first incidence of a Trojan horse that targets certain Windows-based handheld devices. Backdoor.WinCE.Brador.a is a backdoor utility that, security vendor F-Secure says, "copies itself to the startup folder, mails the IP address of the PDA to the backdoor author and starts listening to commands on a TCP port. The hacker can then connect back to the PDA via a TCP port and control the PDA through the backdoor" (see "How Brador Works," below). It can infect Pocket PC devices running Windows CE Version 4.2 and later, and newer versions of Windows Mobile.

The discovery of the Brador Trojan horse comes less than three weeks after security experts identified Duts, the first proof-of-concept virus to target the Pocket PC platform; and not quite two months after the discovery of Cabir, a proof-of-concept worm that spreads via Bluetooth. Duts can infect devices running Pocket PC 2000, Pocket PC 2002 and Pocket PC 2003. Cabir can infect Bluetooth phones running the Symbian OS.

"We were certain that a viable malicious program for PDAs would appear soon after the first proof-of-concept viruses emerged for mobile phones and Windows Mobile," Eugene Kaspersky, head of anti-virus research at Kaspersky Labs, said in a statement.

Whereas Duts and Cabir are conceptual viruses that contain no payload, Brador is a fully functional Trojan horse with the complete range of destructive functions typical of other backdoors, according to Kaspersky Labs. For example, the program can respond to commands to upload or download files.

"Backdoor.WinCE.Brador.a is most probably already in the wild, and it's absolutely viable," says Alexey Zernov, a spokesman for Kaspersky Labs. "This backdoor wasn't written for demonstration but for a specified purpose: to penetrate PDAs, getting full control of the infected mobile device."

A group called 29A is responsible for creating Duts and Cabir. According to Kaspersky Labs, a Russian malicious code writer created Brador with the text: "Get to work, folks, the Pocket PC market will soon explode."

Once in the wild, Brador could prey upon the growing numbers of wireless-enabled handheld devices corporations are deploying to run IP services, connect to the Web and provide remote access to corporate network resources. But exactly how damaging such attacks could be is debatable.

Symantec categorizes Brador as a Level 1 threat in a range from 1 to 5, with 5 being the most severe.

The threat of vandalism and information leakage exists, but a compromised cell phone isn't likely to knock over an entire corporate network, says Rodney Thayer, a private network security consultant at Canola & Jones and a Network World Lab Alliance member. "I'm not sure I would have put it at Level 1, but I wouldn't be running around crying we have an immediate, incredible crisis either."

Mobile malware
Malicious programs targeting mobile devices in the past two months include:

| Name | Alias/aliases | Description | Reported |
|---|---|---|---|
| Brador | Backdoor.WinCE.Brador.a | A backdoor utility allowing for remote administration of infected machines. It can infect Pocket PC devices running Windows CE and newer versions of Windows Mobile. | Aug. 5 |
| Duts | WinCE/Duts, WinCE.Dust, Dtus | Proof-of-concept virus for the Pocket PC platform. It can infect devices running Pocket PC 2000, 2002, 2003. | July 17 |
| Cabir | SymbOS/Cabir.A, EPOC/Cabir.A | A worm capable of spreading via Bluetooth. It can infect mobile phones running Symbian OS. | June 14 |