Moscow-based Kaspersky Labs has detected a program, called Backdoor.WinCE.Brador.a, that can be used by potential virus authors to infect Pocket PCs. According to Kaspersky, Brador is a classic Trojan backdoor program, in that it opens the infected machine for remote administration.
Brador is a small file (less than 6K in size) that typically arrives as an email attachment. Once launched, it creates a file called svchost.exe in the Windows autorun folder, sends the device's IP address to the author and opens port 44299. This enables the author to take full control of the system and send commands to the program, which has been programmed to perform tasks such as uploading and downloading files, including viruses.
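The behaviours above translate directly into host indicators. The following is an added example, not Kaspersky's detection logic: it checks a device triage snapshot for the file name, size and port the article names. The snapshot format, the `Snapshot` type and the autorun folder path are assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass

BRADOR_FILE = "svchost.exe"   # file name given in the article
BRADOR_MAX_SIZE = 6 * 1024    # "less than 6K in size"
BRADOR_PORT = 44299           # port given in the article
# Assumption: how the autorun folder appears in the snapshot; adjust per device image.
AUTORUN_DIRS = ("\\windows\\startup",)

@dataclass
class Snapshot:               # hypothetical triage record for one device
    device: str
    files: list               # (path, size_bytes) tuples
    listeners: list           # listening port numbers

def _split(path):
    """Normalise separators and case, then split into (folder, file name)."""
    norm = path.replace("/", "\\").lower().rstrip("\\")
    folder, _, name = norm.rpartition("\\")
    return folder, name

def brador_indicators(snap):
    """List the Brador behaviours from the article that this snapshot shows."""
    hits = []
    for path, size in snap.files:
        folder, name = _split(path)
        # The name alone is not enough: only flag it inside an autorun folder.
        if name == BRADOR_FILE and folder in AUTORUN_DIRS:
            hits.append(f"autorun file {path}")
            if size < BRADOR_MAX_SIZE:
                hits.append(f"size {size} bytes is under 6K")
    if BRADOR_PORT in snap.listeners:
        hits.append(f"listener on port {BRADOR_PORT}")
    return hits

def triage(snapshots):
    """Return {device: indicators} for devices with at least one match."""
    return {s.device: h for s in snapshots if (h := brador_indicators(s))}

# Constructed sample snapshots, not real telemetry.
SAMPLE = [
    Snapshot("pda-01", [("\\Windows\\StartUp\\svchost.exe", 5632)], [44299]),
    Snapshot("pda-02", [("\\Storage\\tools\\svchost.exe", 5632)], [80]),
    Snapshot("pda-03", [("\\Windows\\StartUp\\poutlook.lnk", 120)], [44299]),
]

if __name__ == "__main__":
    for device, hits in triage(SAMPLE).items():
        print(device, "->", "; ".join(hits))
```

A device that matches on the port alone, like `pda-03` here, is worth a closer look but is weaker evidence than the autorun file and listener together.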
"We were certain that a viable malicious program for PDAs would appear soon after the first proof of concept viruses emerged for mobile phones and Windows Mobile," commented Eugene Kaspersky, Head of Anti-Virus Research at Kaspersky Labs. "WinCE.Brador.a is a full-scale malicious program ready to go. Unlike proof of concept malware, Brador has a complete set of destructive functions typical for backdoors."
According to information received by the Kaspersky Virus Lab, Brador was probably written by a Russian virus coder. The Trojan was attached to an email with a Russian sender and Russian text inside. The author was offering to sell the client part for the Trojan to all interested parties, which means that there is a real chance that the backdoor may be bought by somebody who will use it commercially (bot network creation, for instance).
"PDA users face a real danger and we can be sure that the computer underground will snatch at the chance to attack PDAs and mobile phones in the nearest future," added Eugene Kaspersky. "Malware development for mobiles is passing through the same stages as malware for desktops. We will probably see a serious outbreak of viruses for handhelds sometime soon."