Thread: McAfee: Trojan targets Windows Mobile
View Single Post
  #8 (permalink)  
Old 02-28-2008, 03:24 PM
TC1's Avatar
TC1
Regular 'Geeker
Offline
Location: New York
  
Join Date: Aug 2007
Posts: 283
Reputation: 10
TC1 is a n00b
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
US-CERT Warns of Microsoft Windows CE Trojan
http://www.eweek.com/index2.php?opti...ge=0&hide_js=1

The WinCE/InfoJack Trojan hijacks the infected device's serial number, operating system and other information and uploads it to an attacker-controlled Web site.

The U.S. Computer Emergency Readiness Team has raised an alert for an in-the-wild malware attack against Microsoft Windows CE powered mobile devices.

According to the US-CERT warning, the Trojan horse program is capable of disabling Windows Mobile application installation security.

The Trojan, dubbed WinCE/InfoJack by anti-virus vendor McAfee, has been programmed to hijack the infected device's serial number, operating system and other information and upload it to a Web site controlled by the attacker.

"It also leaves the infected mobile device vulnerable by allowing silent installation of malware. The Trojan modifies the infected device's security setting to allow unsigned applications to be installed without a warning," McAfee said in a post on its Avert Labs blog.

The Trojan was packed inside a number of legitimate installation files and distributed widely. It has been distributed with Google Maps, applications for stock trading, and a collection of games, McAfee said.

Here are some characteristics of the Trojan:

Spreads via seemingly legitimate application installation files
Installs as an autorun program on the memory card
Installs itself to the device when an infected memory card is inserted
Protects itself from deletion by copying itself back to disk
Replaces the browser's homepage
Allows unsigned applications to install without warning
McAfee researcher Jimmy Shah said the ability to allow silent installations of unsigned applications can be used by the Trojan to auto update itself and open a backdoor on the mobile device for future malware installations.

The Web site associated with the Trojan is no longer accessible due in part to an investigation by law enforcement officials, Shah said.

The Trojan was first discovered in the wild in China.

The US-CERT is encouraging Windows CE users to install and run updated anti-virus software on mobile devices and use caution when downloading and installing applications.
Reply With Quote