McAfee: Trojan targets Windows Mobile

[psiphi]

Was reading my morning tech news at Ziff and came across this:

http://blogs.zdnet.com/security/?p=904&tag=nl.e539

Which points to this as the source:

http://www.avertlabs.com/research/bl...ce-vulnerable/

Anyone here seen this trojan/virus in person?

[neodorian]

Never seen it. I usually only download from the creator's site anyway and not a 3rd party dl site. Come to think of it, I haven't seen a virus on my computer in about 4 or 5 years and even then they were always the annoying harmless kind that you just deleted.

[Pibe38]

I was coming to post about this as well... I read about it on WMExperts.

Quote:

This is the first “in the wild” Windows Mobile malware I can remember off the top of my head. It was discovered in China and written up over at McAfee. Basically if you downloaded a games pack (including Google Maps in that pack) from a certain Chinese website it installed a piece of software that did the following:

• Silently makes your smartphone accept unsigned applications
• Installs a hidden, difficult to remove program that sends your personal information back to home base
• Installs a copy of the malware on your memory card for further spreading.

The site has since been shut down (despite protests from the developer that he didn't mean to do anything evil). It's a bummer, though, I am not keen on installing anti-virus on my smartphone.

The InfoJack Trojan spreads by either tricking mobile users into installing seemingly legitimate application installation files or if punters inadvertently use an infected memory card on vulnerable devices. The malware has been spotted circulating in China. - Register

Anybody running anti-virus / anti-spyware on their smartphones? How's your performance?

Kinda scary we are getting there...

[psiphi]

I use the mobile edition of Spybot:Search and Destroy, but it only supports running manually...

[Genjinaro]

Damn, this was supposed to be the "hands off" platform, free of s#!t like that.

[Pibe38]

I think it's funny how the developer said he did not mean to do anything evil, yet this thing copies itself onto the SD card and sends your personal info to him...

[Genjinaro]

LOL I'm sure, he just simply wanted to get to know us better
...

[TC1]

http://www.eweek.com/index2.php?opti...ge=0&hide_js=1

The WinCE/InfoJack Trojan hijacks the infected device's serial number, operating system and other information and uploads it to an attacker-controlled Web site.

The U.S. Computer Emergency Readiness Team has raised an alert for an in-the-wild malware attack against Microsoft Windows CE powered mobile devices.

According to the US-CERT warning, the Trojan horse program is capable of disabling Windows Mobile application installation security.

The Trojan, dubbed WinCE/InfoJack by anti-virus vendor McAfee, has been programmed to hijack the infected device's serial number, operating system and other information and upload it to a Web site controlled by the attacker.

"It also leaves the infected mobile device vulnerable by allowing silent installation of malware. The Trojan modifies the infected device's security setting to allow unsigned applications to be installed without a warning," McAfee said in a post on its Avert Labs blog.

The Trojan was packed inside a number of legitimate installation files and distributed widely. It has been distributed with Google Maps, applications for stock trading, and a collection of games, McAfee said.

Here are some characteristics of the Trojan:

Spreads via seemingly legitimate application installation files
Installs as an autorun program on the memory card
Installs itself to the device when an infected memory card is inserted
Protects itself from deletion by copying itself back to disk
Replaces the browser's homepage
Allows unsigned applications to install without warning
McAfee researcher Jimmy Shah said the ability to allow silent installations of unsigned applications can be used by the Trojan to auto update itself and open a backdoor on the mobile device for future malware installations.

The Web site associated with the Trojan is no longer accessible due in part to an investigation by law enforcement officials, Shah said.

The Trojan was first discovered in the wild in China.

The US-CERT is encouraging Windows CE users to install and run updated anti-virus software on mobile devices and use caution when downloading and installing applications.

[JimSmith94]

Quote:

Originally Posted by TC1

The US-CERT is encouraging Windows CE users to install and run updated anti-virus software on mobile devices and use caution when downloading and installing applications.

Is there even any anti-virus software available for mobile devices? I haven't heard of any.

[TC1]

Quote:

Originally Posted by JimSmith94

Is there even any anti-virus software available for mobile devices? I haven't heard of any.

Funny you should ask (actually, quite logical)....

I've had this debate for years with my counterparts in the IT industry... whether mobile device AV software is really necessary. If you remember, there was a Symbian platform (used by many non-Windows phones) virus a few years ago (read here: http://www.mobiledia.com/news/27141.html) and it got folks to think a lot about this subject. In my current corporate environment we us BlackBerries and a BB Enterprise Server setup, this creates a potential back door into the corporate email system if a mobile device becomes compromised. Microsoft is constantly building in more and more desktop-like functionality into it's mobile products (ie, Pocket Outlook, IE, Office, etc). So it's looking more and more like we have to secure mobile devices the same way we secure desktops, they have become viable endpoints for intrusion into networks.

So to answer your original question, here's one product for the mobile phone platform:
http://www.avast.com/eng/avast_4_pda.html

I can't endorse the product since I haven't had a chance to test it. But it's one of many products I'll probably start to evaluate as part of my job.

-TC