Message-ID: <freemail.20040705161608.2744@fm2.freemail.hu>
From: etomcat at freemail.hu (Feher Tamas)
Subject: PDAs under attack: Brador is the first WinCE backdoor
http://www.kaspersky.com/news?id=151142122
PDAs under attack
Kaspersky Labs has detected Backdoor.WinCE.Brador.a, the first
backdoor for PDAs running under PocketPC (based on Windows CE).
Brador is a classic Trojan backdoor program: it opens the infected
machine for remote administration. Brador is 5632 bytes in size and it
infects handhelds running Pocket PC.
After the backdoor is launched, it creates an svchost.exe file in the
Windows autorun folder, thus maintaining full control over the system
every time the handheld is turned on.
Brador then identifies the machine's IP address and sends it to the
author, informing him that the handheld is on the Internet and the
backdoor is active. Finally, Brador opens port 44299 and awaits further
commands.
Brador is created to allow the master full control over the infected PDA
via the port that the Trojan opens. Brador is programmed to upload
and download files and execute a series of further commands. Like all
backdoors, Brador cannot spread by itself: it can only arrive as an email
attachment, be downloaded from the Internet or uploaded along with
other data from a desktop.
"We were certain that a viable malicious program for PDAs would
appear soon after the first proof of concept viruses emerged for mobile
phones and Windows Mobile", commented Eugene Kaspersky, Head of
Anti-Virus Research at Kaspersky Labs, "WinCE.Brador.a is a full-scale
malicious program ready to go: unlike proof of concept malware, Brador
has a complete set of destructive functions typical for backdoors."
According to information received by the Kaspersky Virus Lab, Brador
was probably written by a Russian virus coder. The Trojan was
attached to an email with a Russian sender address and Russian text
inside.
Interestingly enough, the author is offering to sell the client part for the
Trojan to all interested parties, which means that there is a real chance
that the backdoor may be bought by somebody who will use it
commercially (bot network creation, for instance). Virus writers are
turning professional with a vengeance.
"PDA users face a real danger and we can be sure that the computer
underground will snatch at the chance to attack PDAs and mobile
phones in the nearest future," added Eugene Kaspersky, "malware
development for mobiles is passing through the same stages as
malware for desktops: we will probably see a serious outbreak of
viruses for handhelds sometime soon."
Kaspersky Labs has already updated the antivirus databases with
protection against Brador. A detailed description of Brador is available
in the Kaspersky Virus Encyclopedia. See:
http://www.viruslist.com/eng/viruslist.html?id=1984055