View Full Version : Pocket PC Virus – Nasty New Nuisance
Jonathon Watkins
08-06-2004, 01:00 AM
<div class='os_post_top_link'><a href='http://www.vnunet.com/news/1157131' target='_blank'>http://www.vnunet.com/news/1157131</a><br /><br /></div><i>"A virus that can allow hackers to take over PDAs running Microsoft's Pocket PC operating system has been created, antivirus company Kaspersky Labs has warned. The Trojan is thought to be the work of a Russian hacker who is trying to sell it for use by spammers or hacking groups. It affects all versions of Pocket PC. "WinCE.Brador.a is a full-scale malicious program ready to go: unlike proof-of-concept malware, Brador has a complete set of destructive functions typical for backdoors," said Eugene Kaspersky, head of antivirus research at Kaspersky Labs, in a statement. "We were certain that a viable malicious program for PDAs would appear soon after the first proof-of-concept viruses emerged for mobile phones and Windows Mobile.""</i><br /><br /> <img src="http://www.pocketpcthoughts.com/images/web/2003/PPC VIrus.jpg" /> <br /><br />And now it has. Great. Thanks a bunch guys. :? We <a href="http://www.pocketpcthoughts.com/forums/viewtopic.php?t=30116&start=0">posted</a> about the first proof-of-concept PPC virus a month ago, so it's not taken long for this to become a reality. The 'real' PPC virus is called 'Backdoor.WinCE.Brador.a' and is a Trojan which installs as a program and can be used to gain complete control of file uploads and downloads. It does this by sending the computer's IP address to the Trojan controller and then opens port 44299 to listen for instructions. For more details you can visit Kaspersky Labs <a href="http://www.kaspersky.com/news?id=151142122">here.</a> Just spiffy, we need anti virus programs to slow down our PPC like a cavity in the cranium. :|
mrkablooey
08-06-2004, 02:02 AM
would this come in as a typical PC virus, ie opening infected emails? it shouldn't be able to attach itself to a downloaded program, right?
Kevin Daly
08-06-2004, 02:14 AM
This is once again not much of a threat - it would amount to a self-inflicted injury (unlike blaster, for instance).
But I'm sure Kaspersky will milk it for all it's worth.
gorkon280
08-06-2004, 02:22 AM
It's not even a good virus or description of how you get it. This looks like a trojan that could be delivered either via a synced e-mail or a e-mail downloaded and still depends on the user executing that file. If you know better then you would not open it. One GOOD thing about having the main OS code in ROM is that all you have to do is a hard reset and it's gone. Delete your backups as they may be infected too and rebuild from scratch. I can believe that someone is doing this although there's no good reason to target a ppc. They are not ALWAYS connected to the internet unless you count the PPCPE's and then you still have to establish a GPRS connection. So their use would be limited. Also, if your on wifi, most likely you are also NATTED and hard to get to anyway. The possibility of needing antivirus on a PPC all the time is not too likely....now. What needs to be done soon is some serious locking down of the code looking for buffer overflow problems and other security holes and this needs done now before WinCE get's much bigger. Then in 5 years, Microsoft won't be delaying a service pack for PocketPC 2009.
One bad thought....how locked down is the XIP process of updating a rom? I hope it's locked down to the hilt as I would hate for a virus to infect the rom image! 8O
foldedspace
08-06-2004, 02:31 AM
I'm not worried. There are a lot more viruses for Macs and I've seen one infected machine in 10 years.
A friend of mine did infect 10 Classics back in 92 with something he downloaded, but my Axim doesn't take floppies.
ctitanic
08-06-2004, 02:39 AM
does Trojan mean are you stupid enough to download and run this program?
this virus does not have any way of transmision other than an email sent to you by somebody or that you went into one of those warez sites and download it. ;) So so far... I´m very happy with it from the point of view of a developer :D
Jonathan1
08-06-2004, 03:02 AM
All of this is all a "so far" type issue. Lets see how we are doing Fall of 2005 OK? Frankly I trust MS's trusted computing initiative as far as I can throw Bill Gates which is to say not a whole heck of a lot. At least on the Windows OS you have group policies; you have things you can tweak to secure and OS. What do you have on the Pocket PC other then the equivalent of Windows 9x for security. I foresee this becoming a full blown nightmare at some point, think BlueTooth to BlueTooth to WIFI to WIFI infections, thanks to MS's lack of dedication to security.
Trusted computing my ***. :evil:
ctmagnus
08-06-2004, 03:17 AM
Once activated it creates a file called svchost.exe in the Autorun directory
So get a program that has the ability to scan programs in the Startup directory (the Autorun directory doesn't actually exist) like MemMaid and use it.
Zack Mahdavi
08-06-2004, 03:28 AM
I don't think this virus will be that big of a deal. I really don't see it making any significant penantration into the Pocket PC market. And no, I'm not installing antivirus software on my PDA.
sponge
08-06-2004, 03:54 AM
Hear that sound? That's the sound of no one really caring, since this thing isn't a problem at all. God bless those AV labs, always willing to pretend like it's the end of the world.
Jeff Rutledge
08-06-2004, 03:55 AM
I'm not installing antivirus software on my PDA.
I'm not either...yet. Unfortunately it's likely that the day will come when we will need to. :cry:
Jonathan1
08-06-2004, 04:02 AM
I'm not installing antivirus software on my PDA.
I'm not either...yet. Unfortunately it's likely that the day will come when we will need to. :cry:
And hopefully by that time Linux will be a legit option. I don't foresee any must have app that can't be created on a Linux distro. The Pocket PC isn't there YET. It’s not like Windows where I NEED to run Office 2000, where I don't want to spend 2 weeks setting up and figuring out Linux. IMHO the handheld device and Linux seem to be made for each other. Pity it hasn't evolved as rapidly as the Pocket PC and Palm on the handheld.
Janak Parekh
08-06-2004, 04:21 AM
All of this is all a "so far" type issue. Lets see how we are doing Fall of 2005 OK? Frankly I trust MS's trusted computing initiative as far as I can throw Bill Gates which is to say not a whole heck of a lot.
This has very little to do with Trusted Computing, though. Let's say one gets a Linux PDA. Are they going to sit there managing permissions? 8O
--janak
felixdd
08-06-2004, 04:55 AM
The dahk side will milk this too.
"PalmOS has no viruses, unlike our major competitor"
sponge
08-06-2004, 05:52 AM
This has very little to do with Trusted Computing, though. Let's say one gets a Linux PDA. Are they going to sit there managing permissions? 8O
--janak
I ran Linux on my iPaq for 2 months, and not once did I have to touch anything relating to permissions.
Symantec have posted it as well:
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.brador.a.html
manywhere
08-06-2004, 06:24 AM
This has very little to do with Trusted Computing, though. Let's say one gets a Linux PDA. Are they going to sit there managing permissions? 8O
--janak
I ran Linux on my iPaq for 2 months, and not once did I have to touch anything relating to permissions.
I think Janak is trying to say that on Linux (and *BSD, *nix) in general, most of the security is related to which permissions you have set on the file. This is more important when it comes to web pages and especially web (CGI, PHP, SSI) scripts, where you do not want to put the wrong permissions -- or you might be doomed if a cracker comes by... :|
On the other hand, I have to run permissions fix on my iMac once a month to keep it running smoothly. Otherwise it starts to get slower, and slower... Now that I think is a bit irritating.
Back to the topic: F-secure has gotten a picture of the virus code:
http://www.f-secure.com/virus-info/v-pics/brador1.jpg
and a pic of the trojan file in File Explorer:
http://www.f-secure.com/virus-info/v-pics/brador3.jpg
It seems it will not be long before we'll see reviews of virus programs for Pocket PCs, or ? :)
surur
08-06-2004, 08:37 AM
The last time the virus story came out, I said this (http://www.pocketpcthoughts.com/forums/viewtopic.php?t=30116&postdays=0&postorder=asc&highlight=virus&start=10):
Actually for those with connected devices (pocketpc phones specifically) these viruses are quite scary.
Everything that can be done traditionally to an internet connected pc can be done to a pocketpc. The virus could spread by e-mailing itself to all the contacts on your pocketpc as an attachment.
And that wouldn't be remotely useful as a way to spread the virus. I'd estimate 99% of the people in my contacts don't use Pocket PCs. The one way is if it carried a Win32 binary as well. Still, the low bandwidth of Pocket PCs makes this insanely inefficient.
It could cause you real financial damage by dialling premium rate numbers or connecting to GPRS and acting as a spam proxy. It could upload your flexwallet file, so some-one could hack the 10000 key combination at their leisure.
But neither of these are unique to a virus. Any piece of malware could do this.
The above scenarios are much more scary.
I think the one scenario that would possibly scare me is if someone pioneers a way to get the infection to go back via an ActiveSync conduit. 8O
--janak
and was told no-one would be interested in the bandwidth of a pocketpc. The person who developed this software is obviously not of the same opinion. I often visit xda-developers for my XDA 2, and have installed numerous hacks from that website to e.g unlock my phone from the service provider, unlock my hidden rom, hack my volume slider, make my bluetooth work etc. This was all done on trust, and the knowledge that no malware existed yet. This obviously changes everything, and any great purported hack uploaded to the site may very well be this trojan.
So yes, I do find this disturbing, and the rapid development from the proof of concept virus even more so.
Surur
wocket
08-06-2004, 10:30 AM
Hear that sound? That's the sound of no one really caring, since this thing isn't a problem at all. God bless those AV labs, always willing to pretend like it's the end of the world.
And Dogs and cats living to together etc etc.
The AV companies do a great job at exposing to the world all those possible security flaws and instrutions on how to exploit them and then sell us their software. Hell Norton Anti virus stlll can't fix Redlof.A But thats another rant by itself.
Jonathon Watkins
08-06-2004, 12:22 PM
Hear that sound? That's the sound of no one really caring, since this thing isn't a problem at all.
Glad to hear how you are so relaxed about it Sponge. Let us know how it works out for you. :wink: In the meanwhile, we thought that maybe, perhaps some other folks would, you know, like to learn about the potential issue. If that's OK? :wink:
freitasm
08-06-2004, 01:09 PM
It seems it will not be long before we'll see reviews of virus programs for Pocket PCs, or ? :)
Actually I posted about Symantec AV for handhelds (http://www.geekzone.co.nz/content.asp?ContentId=1448) back in Sept 2003... At that time the only virus in the list was EICAR (which is just the test string). Symantec have since them updated the virus list with the Dust (or Duts as they call it), and they're already releasing a new list soon with this new one...
I agree, a little too much FUD for now.
Jonathan1
08-06-2004, 01:38 PM
All of this is all a "so far" type issue. Lets see how we are doing Fall of 2005 OK? Frankly I trust MS's trusted computing initiative as far as I can throw Bill Gates which is to say not a whole heck of a lot.
This has very little to do with Trusted Computing, though. Let's say one gets a Linux PDA. Are they going to sit there managing permissions? 8O
--janak
Yes I'm aware "so far" that this is relegated to a trojan that is no more then a program masquerading as something else. I’m just waiting for the other shoe to drop. And yes I wish the Pocket PC was more locked down with an administrator mode. I have a feeling that is going to come back to bite us all in the butt in the long run.
Jonathan1
08-06-2004, 01:41 PM
It seems it will not be long before we'll see reviews of virus programs for Pocket PCs, or ? :)
Even if we do I will NEVER run AV software on my Pocket PC. NEVER. If I'm running a risk so be it. What next I need to run AV software on anything that runs Windows CE?!?!?
New from Symantec!! Norton Toaster protection 2007!!! Guard against those pesky viruses that may infect your new MS Smart Toaster.
Jason Dunn
08-06-2004, 03:37 PM
And hopefully by that time Linux will be a legit option.
What makes you think that if the whole world switched to using Linux PDAs tomorrow, that we wouldn't see viruses for them?
Jonathan1
08-06-2004, 10:03 PM
Hear that sound? That's the sound of no one really caring
Be careful that you aren't mistaking that sound as nothing when in actuality it’s the distant run away train called Windows Security. And be careful you don't have your back turned to it les it runs you over when you least expect it. :roll:
Jonathan1
08-06-2004, 10:07 PM
And hopefully by that time Linux will be a legit option.
What makes you think that if the whole world switched to using Linux PDAs tomorrow, that we wouldn't see viruses for them?
For a virus to be useful it needs admin rights to do damage. Fortunately what we have here is a trojan not a virus. Linux by default gives user only Power User rights. Windows is wide open and AFAIK Windows Mobile doesn't even have file permissions. Let me ask a question. Can any program access the registry on the Pocket PC? If so I would say there isn't any security on the device at all.
freitasm
08-06-2004, 10:24 PM
And hopefully by that time Linux will be a legit option.
What makes you think that if the whole world switched to using Linux PDAs tomorrow, that we wouldn't see viruses for them?
How so true. People forget that the target is only good because of volume. Linux shouldn't be seem as the last frontier to security. Other non-MS software are also prone to security problems. Take Mozilla for example. Haven't security firms found security flaws on the program?
Jonathan1
08-07-2004, 09:00 AM
How so true. People forget that the target is only good because of volume. Linux shouldn't be seem as the last frontier to security. Other non-MS software are also prone to security problems. Take Mozilla for example. Haven't security firms found security flaws on the program?
Yes they have and it was to be expected. No one ever said Mozilla or any other piece of software is going to be bullet proof. Those who do are fools. However....Let me fire back with....
How many Palm's have been in the market for how many years without a single virus? :roll: again it comes down to what default rights a system has. AFAICT Windows Mobile is as secure as Windows 9x. Linux's default rights are pretty tight and make a virus a lot more difficult to do damage to a system. Even on a 2K system it is possible to lock the system down to the extent and setup the RUN AS option to keep your typical virus at bay. I’m not trying to get off onto a tangent by complaining about MS’s other OS’s but to make the point that until the system is locked down by default we are going to be at the mercy of virus writers. Now obviously a secure and locked down file system and default user rights will not in any way shape or form guarantee that a virus won’t ravage your system but it will go a long way towards making it a safer environment.
Again MS’s goals are pretty clear. Compatibility first. Features second. Security third. This is starting to change with the desktop. When or will we see the same on the PDA?
PS- Get back to me in a year with Mozilla FireFox and lets do a scorecard comparison after its been out of beta (You do realize its still beta software RIGHT?) and has been in the public for a year. I’d like to compare the number of patches that will have been released for FireFox 1.0 to that of IE 6 since its release. I know for a fact that the list on IE 6 is as long as my arm.
Jonathon Watkins
08-07-2004, 09:15 AM
How many Palm's have been in the market for how many years without a single virus? :roll:
Because of the single threading, Palm's can't run viruses (http://www.infosyncworld.com/news/n/5203.html) (so easily). So, the first time the Zen of Palm actually works. :lol:
freitasm
08-07-2004, 11:37 AM
How so true. People forget that the target is only good because of volume. Linux shouldn't be seem as the last frontier to security. Other non-MS software are also prone to security problems. Take Mozilla for example. Haven't security firms found security flaws on the program?
PS- Get back to me in a year with Mozilla FireFox and lets do a scorecard comparison after its been out of beta (You do realize its still beta software RIGHT?) and has been in the public for a year. I’d like to compare the number of patches that will have been released for FireFox 1.0 to that of IE 6 since its release. I know for a fact that the list on IE 6 is as long as my arm.
Hmmm. I'm talking about Mozilla, not Mozilla Firefox. AFAIK Mozilla 1.7 was supposed to be their stable version - which for me means it shouldn't be treated as beta anymore. And besides that, I still try to understand why companies never release THE final software. Take ICQ for example. Why is it always "beta" and never final? Same with Mozilla. Will it be final one day?
But this discussion is more theorical about software development and market than virus itself, so I'll part now.
kahchong
08-19-2004, 09:40 AM
I believe sooner or later, this pocket pc trojan virus creator will be caught and dealth with seriously.
This creator is just trying to be funny for us pocket pc users.
Therefore, you guys need not worry.
Actually, it's not as powerful as the desktop pc 'W32blaster.worm' and if anyone's pocket pc really got infected by the trojan worm, you can just hard-reset it and then it is back to normal.
Kah Chong.
Darius Wey
08-19-2004, 12:36 PM
Actually, it's not as powerful as the desktop pc 'W32blaster.worm'
It won't ever be because as far as I can see into the future, the PC user database will always remain larger and more widely used and accessible than that of the PPC user database. Blaster, and other similar worms, aimed to target all unpatched PC users out there, and because its target amounts to millions of computers worldwide, the damage caused is catastrophic. When we look at the PPC world, not many people have PPCs compared to that of PCs, so if there was to be any huge PPC virus outbreak, the impact would be minimal and would yield no satisfaction to the virus creator.
vBulletin® v3.8.9, Copyright ©2000-2019, vBulletin Solutions, Inc.