Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Cross-infecting virus discovered

The first malware to cross-infect a PC and a Windows wireless pocket device has been discovered, the Mobile Antivirus Researchers Association (MARA) said today.

The proof-of-concept, file-destroying trojan, sent to the association anonymously, automatically spreads from a Win32 desktop to a Windows Mobile Pocket PC, the association said.

"With the growing use of hand-held devices, this type of virus may become very prevalent in the future," the association said in an advisory. "For viruses to be more effective, they need to spread across a wider range of devices, including wireless devices. This virus closes the gap between handhelds and desktops."

Jonathan Read of MARA said in an email interview today that previous "crossover" viruses could be found on Symbian operating systems – "and required either Bluetooth on the device and the PC, or the user had to physically transfer the virus on a memory card."

But this trojan is the first to use ActiveSync – a program that synchronizes files and other data between a Windows PC and a Windows Mobile device – to cross-infect a desktop and hand-held PC, Read said.

It also is the first crossover malware to infect the PC before attacking the mobile device.

"It doesn't rely on the chance that the user will use a memory card on both the device and the machine," he said. "Nearly all pocket PC users use ActiveSync, (so) it could be a huge threat."

If the handheld's current operating system is not Windows CE or Mobile, the virus copies itself, then waits for an ActiveSync connection, the mobile malware association said. Once detected, the virus copies itself on the pocket device and remotely executes the virus.

The payload erases all documents, then copies itself to the Windows directory and creates a shortcut to the copy in Windows startup, the association said. When the device is reset, the shortcuts execute their target files, allowing multiple copies of the virus to run.

Dave Cole, director of Symantec Security Response, said today that he expects hackers to continue to experiment with new platforms, such as mobile devices. He predicts such attacks gradually will become more financially motivated as users increase their reliance on hand-held computers in their daily lives.

"Give it a little while," Cole said. "As the money moves over to these other devices, and there's a financial motivation for these guys, you'll see a lot of activity."

A Microsoft spokesperson, said the computing giant could not confirm the virus.

"While we haven't seen an attack like this in the wild, Microsoft is constantly tracking and studying the evolving nature of online threats," the spokesperson said. "The security of our customers' information is a top priority at Microsoft, and we have invested considerable resources in the security of our products and processes."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.