ALERT: Windows CE Virus in the Wild! - General Topics

US-CERT Warns of Microsoft Windows CE Trojan
By Ryan Naraine
2008-02-26
The WinCE/InfoJack Trojan hijacks the infected device's serial number, operating system and other information and uploads it to an attacker-controlled Web site.
The U.S. Computer Emergency Readiness Team has raised an alert for an in-the-wild malware attack against Microsoft Windows CE powered mobile devices.
According to the US-CERT warning, the Trojan horse program is capable of disabling Windows Mobile application installation security.
The Trojan, dubbed WinCE/InfoJack by anti-virus vendor McAfee, has been programmed to hijack the infected device's serial number, operating system and other information and upload it to a Web site controlled by the attacker.
"It also leaves the infected mobile device vulnerable by allowing silent installation of malware. The Trojan modifies the infected device's security setting to allow unsigned applications to be installed without a warning," McAfee said in a post on its Avert Labs blog.
The Trojan was packed inside a number of legitimate installation files and distributed widely. It has been distributed with Google Maps, applications for stock trading, and a collection of games, McAfee said.
Here are some characteristics of the Trojan:
• Spreads via seemingly legitimate application installation files
• Installs as an autorun program on the memory card
• Installs itself to the device when an infected memory card is inserted
• Protects itself from deletion by copying itself back to disk
• Replaces the browser's homepage
• Allows unsigned applications to install without warning
McAfee researcher Jimmy Shah said the ability to allow silent installations of unsigned applications can be used by the Trojan to auto update itself and open a backdoor on the mobile device for future malware installations.
The Web site associated with the Trojan is no longer accessible due in part to an investigation by law enforcement officials, Shah said.
The Trojan was first discovered in the wild in China.
The US-CERT is encouraging Windows CE users to install and run updated anti-virus software on mobile devices and use caution when downloading and installing applications.
Source
Check your phones, people.
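
An added example (not part of the original post or of the McAfee/US-CERT material): a triage script for the "installs as an autorun program on the memory card" behaviour listed above, run on a PC with the card mounted. The all-digit CPU-type folder convention (for example 2577) and all function names are assumptions not stated on the page.

```python
import hashlib
import os
import re
import sys

# Assumption (not from the page): Windows Mobile auto-runs
# <card>\<CPU-type number>\autorun.exe (2577 on ARM) when a card is inserted.
CPU_DIR = re.compile(r"^\d{3,5}$")
AUTORUN_NAMES = {"autorun.exe", "autorun.inf"}


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_autorun(card_root):
    """Sorted (relative_path, sha256) for autorun files in the card root
    and in all-digit first-level folders; other folders are ignored."""
    folders = [card_root] + [e.path for e in os.scandir(card_root)
                             if e.is_dir() and CPU_DIR.match(e.name)]
    hits = []
    for folder in folders:
        for e in os.scandir(folder):
            if e.is_file() and e.name.lower() in AUTORUN_NAMES:
                rel = os.path.relpath(e.path, card_root).replace(os.sep, "/")
                hits.append((rel, sha256_of(e.path)))
    return sorted(hits)


def compare(baseline, current):
    """Diff two scans. A file deleted before `baseline` that shows up in
    `added` later matches the 'copies itself back' behaviour."""
    old = dict(baseline)
    return {
        "added": [p for p, _ in current if p not in old],
        "changed": [p for p, h in current if p in old and old[p] != h],
    }


if __name__ == "__main__" and len(sys.argv) == 2:
    for rel, digest in find_autorun(sys.argv[1]):
        print(digest, rel)
```

Scan once after cleaning the card, scan again after it has been back in the device, and pass both results to compare().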

There has been at least one other WinCE virus, so this is not necessarily new "news". Although it's a much smaller user base, Windows Mobile is a very, very easy platform to abuse maliciously (much like Windows generally, unfortunately).
In normal day to day use you're unlikely to encounter such malware. However, use of warez is going to massively increase your chance of running into this type of stuff, either on your PC or your PPC.
Drive by infections on this platform are still rare, so use good computer hygiene and you should be generally safe, but there is very little to stop programmers abusing your devices in any way they want to, so be wary, even when downloading random stuff from this and other sites!
V

Since this affects Windows CE (Windows Mobile in general?) I guess it affects not only PPC but Smartphones (WM Standard) as well?


Legal Issues

I am curious as to what legal issues surround upgrading Pocket PC firmware.
Well, the companies that write it don't like the developers (i.e. here) modifying it for their own ends. Trademark, Copyright, Infringements and all that.
As a start anyway, as you chose to post at 0231AM
But isn't Windows CE open source?
Nope, it's owned by a company called Microsoft.
aka Microsoft Windows CE
I believe it's "shared source" with the hardware developers from HP/HTC and such
It ain't a shared or open source. It is completely owned by Microsoft and hTC and other companies just have license to use it on the devices they make.
But who cares about it? You paid and bought the device. Simply make it however you want it to work for you
Regards,
Carty..
some of it is "shared source"
http://www.microsoft.com/resources/sharedsource/Licensing/WindowsCE.mspx
Rudegar said:
some of it is "shared source"
http://www.microsoft.com/resources/sharedsource/Licensing/WindowsCE.mspx
• The Public / Sample Shared Source Code is automatically installed with the Windows Embedded CE Toolkit (Platform Builder) once you accept the license terms in the Windows Embedded CE Toolkit EULA.
• The Private Shared Source Code is an optional component of the Windows Embedded CE Toolkit that can be installed during the setup process. You must electronically accept the terms and conditions of the Windows Embedded CE 6.0 Shared Source license agreement before you can install the source code.
You will also want to read Microsoft's Terms and Conditions for this.
Yes, that's why I put "" around the shared source when I wrote it

Another new Windows Mobile virus found!

"New mobile virus goes 'old school'
"A new virus is relying on some old tricks to infect Windows Mobile users. The so-called 'companion virus' attack uses a method of assuming the identity of an existing file and moving the old file to a different location.
The virus then runs itself when the original file is called, often loading the displaced file after the virus code has been executed.
When researchers at McAfee first examined the virus, they were surprised to find that such an infection technique was still in use.
"This was a bit odd since companion viruses used to be more popular in the days of DOS and we haven't seen too many on newer platforms," wrote McAfee researcher Jimmy Shah in a blog posting.
Other elements of the virus are quite modern. The code itself is encrypted and polymorphic, allowing the virus to rewrite its own code to avoid detection by security software."
More info: http://www.vnunet.com/vnunet/news/2230514/mobile-virus-goes-old-school
Maybe it's about time to load an antivirus app just to be on the safe side??? I've not bothered with one because I'm afraid it'll slow down my device but if I can have one that can have the realtime scanner disabled when I want it would be great.
Are there any WinMo AV's out there? I have yet to see one...
As long as you do not surf untrusted websites like porn, your device is almost impossible to be infected.
I wonder what the "payload" of the virus is?

Antivirus for Windows Mobile: Do You Need it...?

Hi Guys,
Is this sort of protection necessary? Have you or anyone you know that uses Windows Mobile had problems with a virus on their device? It seems that this product is aimed more at the corporate user who carries sensitive information on their device.
I have been using mobile platforms since Windows 2003 SE and never encountered any issues with viruses; however, I now have an HTC Touch HD with WM6.1 and since it's getting more advanced every day, I'm kind of worried if there is any virus which can damage my device. I'm not worried about data loss, because I sync with MS Outlook and both versions (Outlook and mobile device) are synchronized on a daily basis, so I have a backup. I'm also trying the beta version of Microsoft "My Phone".
For the vast majority of people, completely unnecessary. At this point there are very few viruses written for mobile platforms. I think you can count the total (all platforms, not just WinMo) on one hand. You'd just be taking up valuable resources on your device. I suppose if you do all your banking, have a lot of critical / private info stored on your device, and install anything / everything you come across... then maybe.
aldana said:
Hi Guys,
Is this sort of protection necessary? Have you or anyone you know that uses Windows Mobile had problems with a virus on their device? It seems that this product is aimed more at the corporate user who carries sensitive information on their device.
I have been using mobile platforms since Windows 2003 SE and never encountered any issues with viruses; however, I now have an HTC Touch HD with WM6.1 and since it's getting more advanced every day, I'm kind of worried if there is any virus which can damage my device. I'm not worried about data loss, because I sync with MS Outlook and both versions (Outlook and mobile device) are synchronized on a daily basis, so I have a backup. I'm also trying the beta version of Microsoft "My Phone".
If you would use search button you would find this: http://forum.xda-developers.com/showthread.php?t=386490 and this http://forum.xda-developers.com/showthread.php?t=317441&highlight=antivirus, and probably more threads!
Cheers
Absolutely not. I'm pretty paranoid, so I bought a one year license for Norton Smartphone Security, and after almost 8 months of use, I realized that the only thing it had done to my device was slow it down. One feature of NSS is the ability to see every virus definition it had in its database. You want to know how many viruses there were in its definitions? About 12, maybe a couple more by now.
And after reading up about each one on Symantec's site, I learned that most of them affected Symbian phones, and the viruses were from obscure sites you shouldn't go to anyway. So unless you go to every site in the Internet, run every file you find you can download, and then somehow disable hard resetting in the event you get a virus, there is no reason you would need any mobile Anti-Virus.
Dave
PFW
I agree that today there's not much risk at all... but I use it mostly because of the personal firewall... I think today there are more chances of being hacked when you are connected to a network than of being affected by a virus... so I use it with real-time scan disabled and personal firewall enabled...
as virus's don't port
nobody bother sending
virus's for mobile to random
mail addys hoping they happened to
be opened on a wm device
the market is still too small
same deal with infecting sites with viral
so wm users get it also most people here
don't use Pie because it's a rather poor browser
I personally see the few wm virus's as more like
proof of concept then anything else
a few weeks ago when they had their security
thingy and they hacked all the browsers pretty fast
nobody did managed to hack the mobile devices
why?
because they're just soo much more secure then desktops?
or
because they're still too few for them to bother doing the work to find
the holes?
I think the latter
some day it will be important but not yet
If you're a member of this site, chances are that you are flashing, ahem, flashing often, so if this is the case you needn't fear. If a virus were to be inseminated into your little device---simply hard reset and start anew. My 2 cents. Even if I had a virus scanner and a virus was indeed detected and disposed of, I would still hard reset. Therefore pocket virus scanners are superfluous in the Pocket PC world. Just hard reset it and forget it!
With all the MMS I get forwarded, it's cheap insurance. Symantec can't even support WM6.1, so I haven't bothered trying with 6.5. There are others, however, that seem to be quite stable with both WM versions, and take up little resources.
I have a Touch HD and I was stupid enough to get a virus by downloading games and themes by torrents (that's my punishment for doing something illegally). Anyway, symptoms include: changing dates and times on the clock, which means all my messages and calls were all mixed up; intermittently blanking my phone book (but the numbers were not wiped off the SIM), I just couldn't see them; the storage card wouldn't show up; the battery would go flat in 3 hours with absolutely nothing going; and the phone was freakin' slow, took 5 min to get into my photos. It turns out there was a hidden file installed on the phone as autorun.inf; you delete it, then the phone works, but it comes back to terrorize you.
AVG popped up as soon as I connected the phone to the PC.
That sounds more like your phone was screwed.
A virus written for a phone will not run on a PC as it's a "different language" and APIs etc. It would be very surprising of AVG desktop to detect a Windows Mobile virus on a phone....

1*855*205*0915 Norton Removal Tool Symantec Support

If your computer is infected with a virus, the first thing that you need to do is to run the best virus removal software that can be downloaded for free from the internet or can be purchased to remove virus. Some sophisticated virus totally disables any anti-virus software and a few of the malware variants will also try to block you from downloading any anti-virus software. Antivirus software is a requirement for users of windows operating system. Viruses can be avoided by practicing safe habits as well but no matter how safe you stay sophisticated viruses are developed everyday looking for ways to infect your system.
Norton removal tool, norton account, norton support, symantec support, norton customer service, norton uninstaller, norton phone number, norton 360 support, symantec removal tool,norton antivirus phone number, norton number, norton customer service number, norton support number, norton renewal, norton phone support.

Android Management Solution for User E-Mail certificate

Hello guys,
Finally, I decided to post my question here because I couldn't find any useful information online. What is the problem?
We are looking for a management solution for our Android devices, which can support deploying AD-based user e-mail certificate. We are obligated to deploy a solution for signing and encrypting e-mails. We have AD CA in our windows domain which works ok. The user has to logon, open Outlook, Open the settings and the certificate is there, ready to use. Which for most of the users is ok. The problem is with the mobile devices (Android). We've tested TrendMicro Mobile Security (it is more antivirus as management tool), Sophos Mobile (looks pretty ok, containers etc.) but still can't deploy automatically the user e-mail certificate, We've checked as well XenMobile but there is as well an option only for device certificate. In most cases (solutions), the user should open the AD CA page, generate certificate, download it, deploy it, and then use, which is very difficult for most of the non-technical users and it is as well a security issue. Is there a solution to do this automatically?
I see that there are a lot of management tools for Android but it will be enormous work to test all of them.
So, has someone already done such a thing, and which tool was used?
Thanks in advance
