PDA virus found in the wild

PC World - Antivirus companies have been warning for years that viruses will afflict handheld devices, and the day has apparently arrived: Both Symantec Corp. and Kaspersky Labs Ltd. have detected a backdoor Trojan horse program that can give an attacker complete control over a Pocket PC mobile device.
What's more, the antivirus firms don't have quick cures for PDA viruses like the data definitions they update for PCs when new viruses surface. Symantec and other antivirus companies do offer antivirus applications for mobile devices; the companies have previously tested such tools against viruses in the lab, such as the Dust virus developed last month.
But for systems infected with the so-called Brador virus, Symantec recommends deleting the /Windows/StartUp/svchost.exe file in the Windows CE operating system and completely reinstalling the operating system and applications.
"It's one of the first backdoor Trojans we've seen for Windows CE," said Oliver Friedrichs, a senior manager at Symantec Security Response. "It's not really widespread. We've only seen one instance at this point. But it does show where attackers are going."
Symantec is calling the virus Backdoor.Brador.A; Kaspersky Labs, which also issued an alert, has dubbed it Backdoor.WinCE.Brador.a. The pest is 5,632 bytes in size, so it can easily spread through e-mail or as a download from a Web site to a PDA. Kaspersky Labs suspects that Brador was written by a Russian coder, since it was discovered in an e-mail with Russian text.
Once Brador runs, it copies itself to the svchost.exe file in the Windows autorun folder and seizes control over the system after a restart. "It would give them total control if it got on," said Phebe Waterfield, an analyst at The Yankee Group.
"It e-mails the attacker your IP address," said Friedrichs. "The attacker can then connect back, access the back door, look at your files, download the files or even upload other malicious code."
Because of the limited nature of Brador's dissemination, Symantec rated it a Level 1 threat (on a scale from 1 to 5, with 5 being the greatest). "It's not going to spread itself," Waterfield said. "But it's setting a very scary precedent. It's fulfilling a prediction that the security folks have had for a long time -- that the threats on desktops are going to spread to these kinds of devices."
The big problem is that Windows CE and other operating systems for PDAs don't have the security capabilities of Windows XP, Waterfield said.
"The latest version -- Windows CE.Net -- does have more of these features, but with

Reprinted with permission from

For more PC news, visit PCWorld.com.
Story copyright 2009 PC World Communications. All rights reserved.