"New mobile virus goes 'old school'
"A new virus is relying on some old tricks to infect Windows Mobile users. The so-called 'companion virus' attack uses a method of assuming the identity of an existing file and moving the old file to a different location.
The virus then runs itself when the original file is called, often loading the displaced file after the virus code has been executed.
Advertisement
When researchers at McAfee first examined the virus, they were surprised to find that such an infection technique was still in use.
"This was a bit odd since companion viruses used to be more popular in the days of DOS and we haven't seen too many on newer platforms," wrote McAfee researcher Jimmy Shah in a blog posting.
Other elements of the virus are quite modern. The code itself is encrypted and polymorphic, allowing the virus to rewrite its own code to avoid detection by security software."
More info: http://www.vnunet.com/vnunet/news/2230514/mobile-virus-goes-old-school
Maybe it's about time to load an antivirus app just to be on the safe side??? I've not bothered with one because I'm afraid it'll slow down my device but if I can have one that can have the realtime scanner disabled when I want it would be great.
Are there any WinMo AV's out there? I have yet to see one...
As long as you do not surf untrusted websites like porn, your device is almost impossible to be infected.
I wonder what the "payload" of the virus is?
Related
US-CERT Warns of Microsoft Windows CE Trojan
By Ryan Naraine
2008-02-26
The WinCE/InfoJack Trojan hijacks the infected device's serial number, operating system and other information and uploads it to an attacker-controlled Web site.
The U.S. Computer Emergency Readiness Team has raised an alert for an in-the-wild malware attack against Microsoft Windows CE powered mobile devices.
According to the US-CERT warning, the Trojan horse program is capable of disabling Windows Mobile application installation security.
The Trojan, dubbed WinCE/InfoJack by anti-virus vendor McAfee, has been programmed to hijack the infected device's serial number, operating system and other information and upload it to a Web site controlled by the attacker.
"It also leaves the infected mobile device vulnerable by allowing silent installation of malware. The Trojan modifies the infected device's security setting to allow unsigned applications to be installed without a warning," McAfee said in a post on its Avert Labs blog.
The Trojan was packed inside a number of legitimate installation files and distributed widely. It has been distributed with Google Maps, applications for stock trading, and a collection of games, McAfee said.
Here are some characteristics of the Trojan:
Spreads via seemingly legitimate application installation files
Installs as an autorun program on the memory card
Installs itself to the device when an infected memory card is inserted
Protects itself from deletion by copying itself back to disk
Replaces the browser's homepage
Allows unsigned applications to install without warning
McAfee researcher Jimmy Shah said the ability to allow silent installations of unsigned applications can be used by the Trojan to auto update itself and open a backdoor on the mobile device for future malware installations.
The Web site associated with the Trojan is no longer accessible due in part to an investigation by law enforcement officials, Shah said.
The Trojan was first discovered in the wild in China.
The US-CERT is encouraging Windows CE users to install and run updated anti-virus software on mobile devices and use caution when downloading and installing applications.
Click to expand...
Click to collapse
Source
Check your phones, people.
There has been at least one other WinCE virus, so this is not necessarily new "news". Although it's a much smaller user base, Windows Mobile is a very, very easy platform to abuse maliciously (much like Windows generally, unfortunately).
In normal day to day use you're unlikely to encounter such malware. However, use of warez is going to massively increase your chance of running into this type of stuff, either on your PC or your PPC.
Drive by infections on this platform are still rare, so use good computer hygiene and you should be generally safe, but there is very little to stop programmers abusing your devices in any way they want to, so be wary, even when downloading random stuff from this and other sites!
V
Since this affects Windows CE (Windows Mobile in general?) I guess it affects not only PPC but Smartphones (WM Standard) aswell?
Hi Guys,
Is this sort of protection necessary? Have you or anyone you know that uses Windows Mobile had problems with a virus on their device? It seems that this product is aimed more at the corporate user who carries sensitive information on their device.
I have been using mobile platforms since Windows 2003 SE and never encountered any issues with viruses, however i have now a HTC Touch HD with WM6.1 and since it's getting more advancd everyday, I'm kind of worried if there is anyvirus which can damage my device. I'm not worried for data loss, because I sync with MS Outlook and both verison (Outlook and Mobile device) are syncronized on a daily basis, so I have a backup. I'm also trying the beta version on microsoft "My Phone".
For the vast majority of people, compeletely unnecessary. At this point there are very few viruses written for mobile platforms. I think you can count the total (all platforms, not just WinMo) on one hand. You'd just be taking up valuable resources on your device. I suppose if you do all your banking, have alot of critical / private info stored on your device, and install anything / everything you come across... then maybe.
aldana said:
Hi Guys,
Is this sort of protection necessary? Have you or anyone you know that uses Windows Mobile had problems with a virus on their device? It seems that this product is aimed more at the corporate user who carries sensitive information on their device.
I have been using mobile platforms since Windows 2003 SE and never encountered any issues with viruses, however i have now a HTC Touch HD with WM6.1 and since it's getting more advancd everyday, I'm kind of worried if there is anyvirus which can damage my device. I'm not worried for data loss, because I sync with MS Outlook and both verison (Outlook and Mobile device) are syncronized on a daily basis, so I have a backup. I'm also trying the beta version on microsoft "My Phone".
Click to expand...
Click to collapse
If you would use search button you would find this: http://forum.xda-developers.com/showthread.php?t=386490 and this http://forum.xda-developers.com/showthread.php?t=317441&highlight=antivirus, and probably more threads!
Cheers
Absolutely not. I'm pretty paranoid, so I bought a one year license for Norton Smartphone Security, and after almost 8 months of use, I realized that the only thing it had done to my device was slow it down. One feature of NSS is the ability to see every virus definition it had in its database. You want to know how many viruses there were in its definitions? About 12, maybe a couple more by now.
And after reading up about each one on Symantec's site, I learned that most of them affected Symbian phones, and the viruses were from obscure sites you shouldn't go to anyway. So unless you go to every site in the Internet, run every file you find you can download, and then somehow disable hard resetting in the event you get a virus, there is no reason you would need any mobile Anti-Virus.
Dave
PFW
I agree that today there's no much risk at all...but i use it mostly because of the personal firewall...i think today there are more chances to be hacked when you are connected to a network than being affected by a virus....so i use it with real-time scan disable and personal firewall enabled....
as virus's don't port
nobody bother sending
virus's for mobile to random
mail addys hoping they happened to
be opened on a wm device
the market is still too small
same deal with infecting sites with viral
so wm users get it also most people here
don't use Pie because it's a rather poor browser
I personally see the few wm virus's as more like
proof of concept then anything else
a few weeks ago when they had their security
thingy and they hacked all the browsers pretty fast
nobody did managed to hack the mobile devices
why?
because they're just soo much more secure then desktops?
or
because they're still too few for them to bother doing the work to find
the holes?
I think the later
some day it will be impotent but not yet
If your a member to this site chances are that you are flashing, ehem flashing often, so if this is the case you needn't fear. If the a virus where to be inseminated into your little device---Simply hardreset and start anew. My 2 cents. Even if i had a virus scanner and a virus was indeed detected and disposed of, I would still hard reset. Therefore pocket virus scanners are superfluous in the pocket oc world. Just hardreset it and forget it!
With all the MMS I get forwarded, it's cheap insurance. Symantec can't even support WM6.1, so I haven't bothered trying with 6.5. There are others, however, that seem to be quite stable with both WM versions, and take up little resources.
i have a touch hd and i was stupid enough to get a virus by downloading games and themes by torrents (thats my punishment for doing somthing illegally) anyway symptoms include: changing dates and times on the clock which means all my messages and calls where all mixed up, intermittently blanking my phone book (but the numbers were not wiped off the sim) i just couldn't see them, the storage card wouldn't show up, the battery would go flat in 3hours with absolutely nothing going and the phone was freakin slow took 5min to get into my photos. it turnes out there was a hidden file installed on the phone as autorun.inf you delete it then the phone works but it comes back to terrorize you.
avg pop up as soon as i connected the phone to the pc.
that sounds more like your phone was screwed.
A virus written for a phone will not run on a PC as its a "diferent language" and api's etc. It would be very suprising of AVG desktop to detect a windows mobile virus on a phone....
Hi I have seen quite a few anti virus programs aimed at the winmo platform and I was just wondering,are they necessary.
At least on my experience no antivirus needed so far...
Orb is quite right, they are simply a waste of money..... there have only been a couple of "virus" (if you can call them that) but were not a threat as they actually asked the user if they wanted to install it, so obviously the answer was no
I wanted to scan an .apk from my computer before I transfered it to my Droid. I was finding this impossible. But Netqin Online Virus Scan specifically says,
"NetQin Online Virus Scan is a free service to scan software packet for Mobile OS, such as Symbian S60, Android, KJava, and Windows Mobile (for “.sisx”, “.sis”, “ .apk”, “.jar” and “.cab” formats)."
http://scan.netqin.com/en/
Anyone know of other online scanners that work on .apk?
new link
zapjb said:
I wanted to scan an .apk from my computer before I transfered it to my Droid. I was finding this impossible. But Netqin Online Virus Scan specifically says,
"NetQin Online Virus Scan is a free service to scan software packet for Mobile OS, such as Symbian S60, Android, KJava, and Windows Mobile (for “.sisx”, “.sis”, “ .apk”, “.jar” and “.cab” formats)."
http://scan.netqin.com/en/
Anyone know of other online scanners that work on .apk?
Click to expand...
Click to collapse
This is the new wbsite link:
http://scan.nq.com/en/
If your computer is infected with a virus, the first thing that you need to do is to run the best virus removal software that can be downloaded for free from the internet or can be purchased to remove virus. Some sophisticated virus totally disables any anti-virus software and a few of the malware variants will also try to block you from downloading any anti-virus software. Antivirus software is a requirement for users of windows operating system. Viruses can be avoided by practicing safe habits as well but no matter how safe you stay sophisticated viruses are developed everyday looking for ways to infect your system.
Norton removal tool, norton account, norton support, symantec support, norton customer service, norton uninstaller, norton phone number, norton 360 support, symantec removal tool,norton antivirus phone number, norton number, norton customer service number, norton support number, norton renewal, norton phone support.