
08-06-2004, 01:00 AM
Swami
Join Date: Feb 2004
Posts: 4,303
Pocket PC Virus - Nasty New Nuisance
"A virus that can allow hackers to take over PDAs running Microsoft's Pocket PC operating system has been created, antivirus company Kaspersky Labs has warned. The Trojan is thought to be the work of a Russian hacker who is trying to sell it for use by spammers or hacking groups. It affects all versions of Pocket PC. "WinCE.Brador.a is a full-scale malicious program ready to go: unlike proof-of-concept malware, Brador has a complete set of destructive functions typical for backdoors," said Eugene Kaspersky, head of antivirus research at Kaspersky Labs, in a statement. "We were certain that a viable malicious program for PDAs would appear soon after the first proof-of-concept viruses emerged for mobile phones and Windows Mobile.""
And now it has. Great. Thanks a bunch guys. :? We posted about the first proof-of-concept PPC virus a month ago, so it's not taken long for this to become a reality. The 'real' PPC virus is called 'Backdoor.WinCE.Brador.a' and is a Trojan which installs as a program and can be used to gain complete control of file uploads and downloads. It does this by sending the computer's IP address to the Trojan controller and then opening port 44299 to listen for instructions. For more details you can visit Kaspersky Labs here. Just spiffy, we need antivirus programs to slow down our PPC like a cavity in the cranium. :|

08-06-2004, 02:02 AM
Philosopher
Join Date: May 2004
Posts: 597
Would this come in as a typical PC virus, i.e. opening infected emails? It shouldn't be able to attach itself to a downloaded program, right?

08-06-2004, 02:14 AM
Theorist
Join Date: Sep 2003
Posts: 307
This is once again not much of a threat - it would amount to a self-inflicted injury (unlike blaster, for instance).
But I'm sure Kaspersky will milk it for all it's worth.

08-06-2004, 02:22 AM
Philosopher
Join Date: Apr 2004
Posts: 545
Stupid.....
It's not even a good virus or description of how you get it. This looks like a trojan that could be delivered either via a synced e-mail or an e-mail downloaded and still depends on the user executing that file. If you know better then you would not open it. One GOOD thing about having the main OS code in ROM is that all you have to do is a hard reset and it's gone. Delete your backups as they may be infected too and rebuild from scratch. I can believe that someone is doing this although there's no good reason to target a ppc. They are not ALWAYS connected to the internet unless you count the PPCPE's and then you still have to establish a GPRS connection. So their use would be limited. Also, if you're on wifi, most likely you are also NATTED and hard to get to anyway. The possibility of needing antivirus on a PPC all the time is not too likely....now. What needs to be done soon is some serious locking down of the code looking for buffer overflow problems and other security holes and this needs done now before WinCE gets much bigger. Then in 5 years, Microsoft won't be delaying a service pack for PocketPC 2009.
One bad thought....how locked down is the XIP process of updating a rom? I hope it's locked down to the hilt as I would hate for a virus to infect the rom image! 8O

08-06-2004, 02:31 AM
Thinker
Join Date: Mar 2004
Posts: 332
I'm not worried. There are a lot more viruses for Macs and I've seen one infected machine in 10 years.
A friend of mine did infect 10 Classics back in 92 with something he downloaded, but my Axim doesn't take floppies.

08-06-2004, 02:39 AM
Oracle
Join Date: Mar 2005
Posts: 980
Does Trojan mean are you stupid enough to download and run this program?
This virus does not have any way of transmission other than an email sent to you by somebody or that you went into one of those warez sites and download it. So so far... I'm very happy with it from the point of view of a developer

08-06-2004, 03:02 AM
Pontificator
Join Date: Mar 2002
Posts: 1,329
All of this is all a "so far" type issue. Let's see how we are doing Fall of 2005 OK? Frankly I trust MS's trusted computing initiative as far as I can throw Bill Gates which is to say not a whole heck of a lot. At least on the Windows OS you have group policies; you have things you can tweak to secure an OS. What do you have on the Pocket PC other than the equivalent of Windows 9x for security? I foresee this becoming a full blown nightmare at some point, think BlueTooth to BlueTooth to WIFI to WIFI infections, thanks to MS's lack of dedication to security.
Trusted computing my ***. :evil:
__________________
PDA History: Palm Pilot 5000 -> Apple Newton 2100 -> Casio E-11 -> iPaq 3650 (64MB Upgrade) -> iPaq 3700 -> Casio EM-500 -> HP Jornada 568 -> HP iPaq hx4705 www.spreadfirefox.com

08-06-2004, 03:17 AM
5000+ Posts? I Should OWN This Site!
Join Date: Aug 2006
Posts: 5,616
Quote: "Once activated it creates a file called svchost.exe in the Autorun directory"
So get a program that has the ability to scan programs in the Startup directory (the Autorun directory doesn't actually exist) like MemMaid and use it.
__________________
iPhone 4! ☠☠☠ Mid-2010 15" MacBook Pro! ☠☠☠ Gateway LT2102h! ☠☠☠ Dell XPS M1210!

08-06-2004, 03:28 AM
Pontificator
Join Date: Mar 2004
Posts: 1,055
I don't think this virus will be that big of a deal. I really don't see it making any significant penetration into the Pocket PC market. And no, I'm not installing antivirus software on my PDA.

08-06-2004, 03:54 AM
Philosopher
Join Date: Jul 2003
Posts: 541
Hear that sound? That's the sound of no one really caring, since this thing isn't a problem at all. God bless those AV labs, always willing to pretend like it's the end of the world.