Full Disclosure mailing list archives

PDAs under attack: Brador is the first WinCE backdoor


From: Feher Tamas <etomcat () freemail hu>
Date: Thu, 5 Aug 2004 16:16:08 +0200 (CEST)

http://www.kaspersky.com/news?id=151142122

PDAs under attack

Kaspersky Labs has detected Backdoor.WinCE.Brador.a, the first 
backdoor for PDAs running under PocketPC (based on Windows CE).

Brador is a classic Trojan backdoor program: it opens the infected 
machine for remote administration. Brador is 5632 bytes in size and it 
infects handhelds running Pocket PC.

After the backdoor is launched, it creates an svchost.exe file in the 
Windows autorun folder, thus maintaining full control over the system 
every time the handheld is turned on.

Brador then identifies the machine's IP address and sends it to the 
author, informing him that the handheld is on the Internet and the 
backdoor is active. Finally, Brador opens port 44299 and awaits further 
commands.

Brador is designed to give its operator full control over the infected PDA 
via the port that the Trojan opens. Brador is programmed to upload 
and download files and execute a series of further commands. Like all 
backdoors, Brador cannot spread by itself: it can only arrive as an email 
attachment, be downloaded from the Internet or be copied to the device 
along with other data from a desktop.
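As an added host-triage example (not from the Kaspersky advisory or from this post), the following Python checks constructed netstat-style output and a constructed file inventory for the two host-level indicators the advisory describes: a TCP listener on port 44299 and an svchost.exe planted in the Windows autorun folder. The path \Windows\StartUp is an assumption, since the text only says "Windows autorun folder"; the 5632-byte size is the figure given above, and the sample data below is constructed.

```python
import re
from typing import Dict, List, Tuple

BRADOR_PORT = 44299   # command port named in the advisory
BRADOR_SIZE = 5632    # file size in bytes named in the advisory
# Assumption: the Pocket PC autorun folder is \Windows\StartUp; the
# advisory itself only says "Windows autorun folder".
AUTORUN_DIR = r"\windows\startup"

# One "netstat -an" style line: proto, local addr:port, remote addr, state.
NETSTAT_LINE = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<local>\S+):(?P<port>\d+)\s+"
    r"(?P<remote>\S+)(?:\s+(?P<state>\S+))?\s*$"
)


def listening_tcp_ports(netstat_output: str) -> List[int]:
    """Return the TCP ports reported in LISTENING state."""
    ports = []
    for line in netstat_output.splitlines():
        m = NETSTAT_LINE.match(line)
        if not m or m.group("proto") != "TCP":
            continue
        if (m.group("state") or "").upper() == "LISTENING":
            ports.append(int(m.group("port")))
    return ports


def suspicious_autorun_files(inventory: List[Dict[str, object]]) -> List[Tuple[str, int]]:
    """Return (path, size) for every svchost.exe found inside the autorun folder.

    inventory entries look like {"path": str, "size": int}. Only the autorun
    folder is examined, because that is where the advisory says Brador
    drops its copy; an svchost.exe elsewhere is out of scope for this check.
    """
    hits = []
    for entry in inventory:
        path = str(entry["path"])
        lowered = path.lower()
        name = lowered.rsplit("\\", 1)[-1]
        if lowered.startswith(AUTORUN_DIR + "\\") and name == "svchost.exe":
            hits.append((path, int(entry["size"])))
    return hits


def triage(netstat_output: str, inventory: List[Dict[str, object]]) -> Dict[str, object]:
    """Combine both indicators into a single verdict with human-readable findings."""
    ports = listening_tcp_ports(netstat_output)
    hits = suspicious_autorun_files(inventory)
    findings = []
    if BRADOR_PORT in ports:
        findings.append(f"TCP port {BRADOR_PORT} is listening (Brador command port)")
    for path, size in hits:
        if size == BRADOR_SIZE:
            findings.append(f"{path} in autorun folder, size {size} matches advisory")
        else:
            # Name matches but size differs: still worth a look (repacked variant?)
            findings.append(f"{path} in autorun folder, size {size} differs from {BRADOR_SIZE}")
    return {
        "listening_ports": ports,
        "autorun_hits": hits,
        "findings": findings,
        "brador_suspected": bool(findings),
    }


# Constructed sample data: a netstat listing and a file inventory as a
# collection script might produce them on an infected handheld.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:44299          0.0.0.0:0              LISTENING
  TCP    192.168.1.23:1034      203.0.113.5:80         ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""

SAMPLE_INVENTORY = [
    {"path": r"\Windows\StartUp\svchost.exe", "size": 5632},   # the dropped copy
    {"path": r"\Windows\StartUp\poutlook.lnk", "size": 120},   # benign autorun item
    {"path": r"\Windows\svchost.exe", "size": 12000},          # outside autorun, ignored
]

if __name__ == "__main__":
    for line in triage(SAMPLE_NETSTAT, SAMPLE_INVENTORY)["findings"]:
        print(line)
```

Either indicator alone produces a finding, so a repacked sample with a different size or a changed filename still trips the port check, and a variant listening elsewhere still trips the autorun check; the point is to correlate what the advisory states rather than to hard-code a single signature.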

"We were certain that a viable malicious program for PDAs would 
appear soon after the first proof of concept viruses emerged for mobile 
phones and Windows Mobile", commented Eugene Kaspersky, Head of 
Anti-Virus Research at Kaspersky Labs, "WinCE.Brador.a is a full-scale 
malicious program ready to go: unlike proof of concept malware, Brador 
has a complete set of destructive functions typical for backdoors."

According to information received by the Kaspersky Virus Lab, Brador 
was probably written by a Russian virus coder. The Trojan was 
attached to an email with a Russian sender address and Russian text 
inside.

Interestingly enough, the author is offering to sell the client part for the 
Trojan to all interested parties, which means that there is a real chance 
that the backdoor may be bought by somebody who will use it 
commercially (bot network creation, for instance). Virus writers are 
turning professional with a vengeance.

"PDA users face a real danger and we can be sure that the computer 
underground will snatch at the chance to attack PDAs and mobile 
phones in the near future," added Eugene Kaspersky, "malware 
development for mobiles is passing through the same stages as 
malware for desktops: we will probably see a serious outbreak of 
viruses for handhelds sometime soon."

Kaspersky Labs has already updated the antivirus databases with 
protection against Brador. A detailed description of Brador is available 
in the Kaspersky Virus Encyclopedia. See:
http://www.viruslist.com/eng/viruslist.html?id=1984055

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html