10-15-2004, 03:00 PM
Editor Emeritus
Join Date: Aug 2006
Posts: 15,171
Reverse-Engineering the First Pocket PC Trojan
"Recently we were the first to provide a detailed analysis and fix for WinCE4.Dust, the inaugural Pocket PC virus. We also gave the first detailed analysis of Mosquito, the inaugural Symbian Trojan horse. Now we're going to present a detailed analysis of Brador, the inaugural Trojan horse for the Windows Mobile operating system. We weren't the first to discover Brador. We actually had a difficult time getting our hands on it. The author of WinCE4.Dust sent it to all antivirus (AV) companies, including ours (Airscanner). However, Brador was written by a different author, from Russia, who reportedly released it to only a select few "big" AV companies. As a smaller company that focuses exclusively on Windows Mobile antivirus software, we were left out in the cold."
This is an interesting, albeit technical, read on what is likely to become a bigger problem on Pocket PCs as they grow more connected. Three of the authors of this article also wrote a previous article on WinCE4.Dust. I'm not installing an antivirus and/or firewall on my Pocket PC yet, but I'll closely be watching as this field continues to grow.
10-15-2004, 04:45 PM
Intellectual
Join Date: Mar 2004
Posts: 241
ya know... if it gets to the point where I ever have need to install LavaSoft Adaware Mobile Edition, BlackIceCE and Norton Mobile SysUtilities 2005 on my iPaq . . . I will seriously consider swapping over to a *nix distro. Hopefully by that possible eventuality Opie or Familiar will be more concrete and feature ridden. :?
10-15-2004, 05:16 PM
Oracle
Join Date: Mar 2005
Posts: 980
These guys just opened a Pandora's box; by publishing that code, all they are doing is big business. They are sending a message to all amateur virus programmers: "hey guys, here is the code, learn from it and create your own variants." Of course that's good for them, because they are the ones in charge of catching the new virus with their antivirus and making money off it.
It would be good if somebody sued them under the fact that, using the information released by them, a company lost some vital information.
:evil:
This is a proof of concept: "the virus exists because the AV company supports them".
10-15-2004, 07:27 PM
Philosopher
Join Date: Jan 2004
Posts: 589
Quote:
Originally Posted by ctitanic
These guys just opened a Pandora's box; by publishing that code, all they are doing is big business.
|
I think I missed the part where they showed the code...
10-15-2004, 07:32 PM
Oracle
Join Date: Mar 2005
Posts: 980
It's on page 4 of the second part. This is unethical, and more so coming from a person who owns an antivirus company. I have never seen something like that. It's like he is telling other teenagers "here you have the code guys, create new variants" while on the other hand he was advertising his AV during the whole article. Really very unethical. I have never seen any big AV company doing something like that. They are supposed to help us, and by doing that they are officially posting the code that will allow others to create new versions and variants of the same virus.
10-15-2004, 08:00 PM
Philosopher
Join Date: Jan 2004
Posts: 589
Yea, this is bad karma no matter how it's looked at. It's one of the worst applications of the marketing axiom, "If you can't fulfill a need, create a need".
10-15-2004, 08:04 PM
Oracle
Join Date: Mar 2005
Posts: 980
Quote:
Originally Posted by adwignall
Yea, this is bad karma no matter how it's looked at. It's one of the worst applications of the marketing axiom, "If you can't fulfill a need, create a need".
|
I went to InformIT and requested that they pull the code out of the article. And I believe that others should do the same to let them know what "ethics" means.
If some of us do the same, I'm sure they will pull it out, and that is going to save all of us a lot of problems in the future.