Windows Mobile Trojan on the Loose?
Paul Martin
03-08-2008, 10:30 PM
http://www.avertlabs.com/research/blog/index.php/2008/02/26/windows-mobile-trojan-sends-unauthorized-information-and-leaves-device-vulnerable/

"A Window Mobile PocketPC trojan that disables Windows Mobile application installation security has been discovered in China. WinCE/InfoJack sends the infected device’s serial number, operating system and other information to the author of the trojan. It also leaves the infected mobile device vulnerable by allowing silent installation of malware. The trojan modifies the infected device’s security setting to allow unsigned applications to be installed without a warning. The trojan was packed inside a number of legitimate installation files and distributed widely. It has been distributed with Google Maps, applications for stock trading, and a collection of games."

Literally years after Pocket PC antivirus software hit the market, we finally might have one of the first potential trojans. The post is on Avert Labs, part of McAfee who, ahem, sells AV software. Skeptical hat aside, it is bothersome when software starts making changes without asking, regardless of how legitimate the intent of the software author. The website author where the "trojan" was found claims "the software was just necessary to collect information on the types of mobiles used to access their site." You can find out which behavior Avert Labs is concerned about here (http://www.avertlabs.com/research/blog/index.php/2008/02/26/windows-mobile-trojan-sends-unauthorized-information-and-leaves-device-vulnerable/). The original website is no longer online due to a local law enforcement investigation. So, how many of you have AV installed on your mobile device or plan to use it in the future?
Did a lot of research on the topic when I saw the first reports on it, and concluded this:
A Chinese site closed by government is not unusual, but because it was a provider of malware? Bloody unlikely.
Reports on a site that only McAfee knows about, and a piece of malware that McAfee has the exclusive news on, make me suspicious.
The article from McAfee is not very informative, only containing very old screencaps?
McAfee has sold its reliability to boost its sales of a, so far, unneeded piece of software.
ctitanic
03-10-2008, 02:30 PM
If you check this site, this forum, a long time ago, I said that AV are not needed so far in a PPC environment because the only reasonable scenario for a virus attack was a trojan. I also said that if disabling some of the security registry keys - yes, because all that is saved in the registry - is enough to call a program a virus, then there are many viruses around at this moment, because basically some of our PPCs, starting with the old x51v, were configured by the OEM in a way that basically did not give the owner the chance to install anything in there.
These same settings, but at a higher level, are the ones used by the phone companies to not allow the installation of any program on "their" phones. And there are many tools out there to break that security and give people back the ownership of their phones.
Without disabling some of the security keys in Pocket PCs and Phones, programs like PHM Registry Editor and Tweaks2k2 won't work properly. To make it clear.
The AV issue in Pocket PC and SP is simple. You have to take responsibility for what you copy to your device. Plain and simple. I have never installed an AV on any of my WM devices and so far I do not think that I'm going to do it any time soon.
Gerard
03-11-2008, 10:42 PM
I 'authored' a couple of experimental data-wiping malware install files for PPC years ago - stuff that launched on soft reset and deprived the user of their RAM-based data - and I am not a programmer. So far, I have yet to see anything even that unsophisticated 'in the wild.' I joined MARA when invited to do so, primarily so I could keep well informed on malware developments. While things have happened, some a bit scary... nothing so far released has proven much of a real-world threat. A daily backup makes excellent insurance, in case something bad does, eventually, start spreading. Of course one must be sensible about what gets installed on any computer carrying important data. I have not installed any games or themes on my devices for a couple of years, largely out of caution. A secondary PPC is a different matter, but not on my business device.
Carty
03-12-2008, 06:12 AM
This is a stupid thing that McAfee is trying to promote. The installation security warning is of course another stupid thing Microsoft brought into WM5 and later devices. Most users themselves make this go away with a registry hack, and when this is done by an application, I don't think it's a big security threat.
PS: What scares me is, if McAfee is trying to promote their product this way, they may themselves go ahead and pay someone to create a virus in the future.
Norton or Kaspersky is the best and I love Norton!
Regards,
Carty..
redraiduzz
03-15-2008, 06:50 AM
I had McAfee's PPC AV a few years ago, but it never found anything and I determined it to be an unnecessary drag on everything while synching, so I took it off.
What's the risk or harm with installing themes or any games? Didn't think that was a big deal, either.
Gerard
03-15-2008, 08:05 AM
It's not that any theme or game *is* dangerous... only that, historically, such things have proven more likely carriers of malicious code for the Win32 platform. SCR files as well, on PCs. Frivolous, popular stuff is likely to provide the more prevalent medium for PPC malware distribution.