Kaspersky Lab has detected Backdoor.WinCE.Brador.a, the first backdoor program for PocketPC PDAs based on Windows CE. WinCE.Brador.a is a remote administration tool, 5632 bytes in size, that affects PDAs running Windows CE. Once launched, the backdoor creates a file called svchost.exe in the Windows startup directory, thus gaining full control of the system each time the PDA is started. The backdoor determines the IP address of the infected system and sends it by e-mail to the author, informing him that the PDA is on the network and the backdoor is active. After that, it opens port 44299 to receive various commands.
The main function of WinCE.Brador.a is to open ports on infected machines in order to give attackers access to the PDA and full control over the mobile device. The program has autostart and remote-control functions; in addition, it can add or delete files on the hard disk and send them to the attacker. The backdoor has the function of self-propagation, and can reach the PDA user in the guise of other, harmless software, following the classic scheme for Trojans: infected e-mail attachments and downloads from the Internet, as well as data transfers from a desktop computer.
"The discovery of the first Trojan for PDAs confirms the fears we expressed recently in connection with the emergence of conceptual viruses for mobile phones and the Windows Mobile operating system," says Evgeny Kaspersky, head of antivirus research at Kaspersky Lab. "WinCE.Brador.a is full-fledged malware; here we are not talking about virus writers demonstrating their capabilities: we can observe a set of destructive functions typical of the majority of backdoors."
It is clear that Kaspersky Lab is interested in selling its antivirus product, but we would not recommend ignoring the warning completely either. Sooner or later the situation with Internet-connected PDAs and smartphones will come close to the one we have today with personal computers, so it is time to at least brush up on the rules of "computer hygiene": do not run programs received from untrusted sources, do not open suspicious documents, and so on. And, after all, you will still have to install one antivirus or another not only on PCs but also on the PDA / smartphone.
Riposte - not yet on mobile devices
The Witty Worm was first registered on March 20. It is tailored to BlackIce (it exploits a vulnerability in the protocol analysis module) and is characterized by pronounced destructive qualities. This "disembodied" worm (it exists only as a process in memory) sends itself to IP addresses found on the computer, and in between this "beneficial" occupation it overwrites random parts of the system drive with 64 KB blocks of garbage. After a couple of hours of such activity the Windows OS is doomed: "blue screens of death" appearing for no apparent reason will force a reinstall of the system. Around the world about 12 thousand computers suffered; by some estimates, these were almost all BlackIce-protected PCs whose owners had not taken care to download the program update within two weeks. The attack took less than an hour, and the worm literally shook professionals with its flawless execution: unlike all other network viruses, not a single error was found in the Witty Worm's code. Experts have now prepared a detailed analysis of this landmark (in their view) event; the description of the "hostilities" reads like a detective story (an English version of the report can be viewed here).