First Pocket PC Virus Rears Its Head

Erika Morphy, www.enterprise-security-today.com

A new virus targets PDAs that run Microsoft’s Pocket PC operating system, according to reports from antivirus software firms.

Labeled “WinCE.Brador.a,” it is a Trojan attributed to a Russian hacker who probably created it for financial purposes, most likely for sale to spammers and hackers.

It follows on the heels of a proof-of-concept worm released by the elite hacker group 29A last month. Unlike that worm, called “Dust,” or “WinCE4.Dust,” Brador does indeed have a payload. Brador is a full-scale malicious program, according to Eugene Kaspersky, head of antivirus research at Kaspersky Labs. “It has a complete set of destructive functions typical for backdoors,” he says.

The Rundown on Brador

Once Brador.A is launched, after a user downloads it either as an infected e-mail attachment or from the Internet, it installs itself as a 5632-byte program on the device and then opens TCP port 2989 to wait for further instructions from the attacker, according to antivirus firm Symantec.

Risk of infection is low, and Symantec says it is a relatively easy virus to remove.

The Threat to Wireless

More worrisome to the antivirus community is the fact that such a virus has made its way into the wild. “We have been waiting for a while for a wireless threat to take off,” McAfee director of operations Joe Telafici told NewsFactor.

Indeed, signs point to a growing interest on the part of the hacker community. Earlier this summer, a similar proof-of-concept virus called “Cabir” was released; theoretically, it was able to attack cell phones. However, it did not leave the antivirus labs to which it was e-mailed. Cell phones are unlikely to be knocked down en masse by a virus, though, because of the wide range of hardware and software they use.

PDAs, however, are a different matter, Telafici said, as the code bases tend to remain stable, as does the OS. None of this should come as a surprise to Pocket PC owners, who no doubt have been waging battles against viruses on their desktops, says Graham Cluley, security consultant with the antivirus firm Sophos.

“There is always the potential of virus on other computing devices being infected that may not have been infected yet,” he told NewsFactor.