Database Info

ALERT: Windows CE Virus in the Wild!

US-CERT Warns of Microsoft Windows CE Trojan
By Ryan Naraine
2008-02-26
The WinCE/InfoJack Trojan hijacks the infected device's serial number, operating system and other information and uploads it to an attacker-controlled Web site.
The U.S. Computer Emergency Readiness Team has raised an alert for an in-the-wild malware attack against Microsoft Windows CE powered mobile devices.
According to the US-CERT warning, the Trojan horse program is capable of disabling Windows Mobile application installation security.
The Trojan, dubbed WinCE/InfoJack by anti-virus vendor McAfee, has been programmed to hijack the infected device's serial number, operating system and other information and upload it to a Web site controlled by the attacker.
"It also leaves the infected mobile device vulnerable by allowing silent installation of malware. The Trojan modifies the infected device's security setting to allow unsigned applications to be installed without a warning," McAfee said in a post on its Avert Labs blog.
The Trojan was packed inside a number of legitimate installation files and distributed widely. It has been distributed with Google Maps, applications for stock trading, and a collection of games, McAfee said.
Here are some characteristics of the Trojan:
Spreads via seemingly legitimate application installation files
Installs as an autorun program on the memory card
Installs itself to the device when an infected memory card is inserted
Protects itself from deletion by copying itself back to disk
Replaces the browser's homepage
Allows unsigned applications to install without warning
McAfee researcher Jimmy Shah said the ability to allow silent installations of unsigned applications can be used by the Trojan to auto update itself and open a backdoor on the mobile device for future malware installations.
The Web site associated with the Trojan is no longer accessible due in part to an investigation by law enforcement officials, Shah said.
The Trojan was first discovered in the wild in China.
The US-CERT is encouraging Windows CE users to install and run updated anti-virus software on mobile devices and use caution when downloading and installing applications.
Click to expand...
Click to collapse
Source
Check your phones, people.

There has been at least one other WinCE virus, so this is not necessarily new "news". Although it's a much smaller user base, Windows Mobile is a very, very easy platform to abuse maliciously (much like Windows generally, unfortunately).
In normal day to day use you're unlikely to encounter such malware. However, use of warez is going to massively increase your chance of running into this type of stuff, either on your PC or your PPC.
Drive by infections on this platform are still rare, so use good computer hygiene and you should be generally safe, but there is very little to stop programmers abusing your devices in any way they want to, so be wary, even when downloading random stuff from this and other sites!
V

Since this affects Windows CE (Windows Mobile in general?) I guess it affects not only PPC but Smartphones (WM Standard) aswell?

Another new Windows Mobile virus found!

"New mobile virus goes 'old school'
"A new virus is relying on some old tricks to infect Windows Mobile users. The so-called 'companion virus' attack uses a method of assuming the identity of an existing file and moving the old file to a different location.
The virus then runs itself when the original file is called, often loading the displaced file after the virus code has been executed.
Advertisement
When researchers at McAfee first examined the virus, they were surprised to find that such an infection technique was still in use.
"This was a bit odd since companion viruses used to be more popular in the days of DOS and we haven't seen too many on newer platforms," wrote McAfee researcher Jimmy Shah in a blog posting.
Other elements of the virus are quite modern. The code itself is encrypted and polymorphic, allowing the virus to rewrite its own code to avoid detection by security software."
More info: http://www.vnunet.com/vnunet/news/2230514/mobile-virus-goes-old-school
Maybe it's about time to load an antivirus app just to be on the safe side??? I've not bothered with one because I'm afraid it'll slow down my device but if I can have one that can have the realtime scanner disabled when I want it would be great.

Are there any WinMo AV's out there? I have yet to see one...

As long as you do not surf untrusted websites like porn, your device is almost impossible to be infected.

I wonder what the "payload" of the virus is?

Windows Phone Remote Server - Android?

I saw this really cool Windows Phone App called remote server. Very easy access to home files in a clean interface. Does anyone know of a similar Android application?

WHSPhone, if you have a WHS server of course

Pogoplug isn't a bad idea either www.pogoplug.com and it's free for certain items. $30.00 if you want to add streaming features etc...

Developing WP7 file Transfer app

Hi, I'm a final year Computer Science Student. My Final year project is to design a windows phone 7 app for transferring files from a remote database /sever to the windows phone device.
I have never been taught any C# or windows phone development. So far I have developed a windows phone 7 client app which connects to an SQL Server 2008 database, I can query the database from the app and return and display the text stored within the database tables. I am also able to store a picture in the database as binary data.
Can anyone advise me is it possible to store pdf and office documents within the SQL server database and download them to the windows phone 7 client and then open/view these files on the device. I believe that any files must be downloaded directly to isolated storage on the device but that there are restraints where that these files cannot be accessed by any other apps on the phone.
Any help or advice would be greatly appreciated..

It's possible to open supported media and documents (pictures, PDFs, etc.) from an app, I'm pretty sure (for example, see the SkyDrive app). I know that it's possible using native code and a couple of other mildly undocumented features. Using only official APIs... never tried, but I think it can be done (I'm just not sure how).
Unless you use the undocumented ID_CAP_FILEVIEWER capability in your app (or use one of a number of available hacks), your app will not have write permissions anywhere except in its isolated storage. Officially, one app can't access the isolated storage of another app, although the Office stuff may bend the rules somewhat.

Android Management Solution for User E-Mail certificate

Hello guys,
Finally, I decided to post my question here because I couldn't find any useful information online. What is the problem?
We are looking for a management solution for our Android devices, which can support deploying AD-based user e-mail certificate. We are obligated to deploy a solution for signing and encrypting e-mails. We have AD CA in our windows domain which works ok. The user has to logon, open Outlook, Open the settings and the certificate is there, ready to use. Which for most of the users is ok. The problem is with the mobile devices (Android). We've tested TrendMicro Mobile Security (it is more antivirus as management tool), Sophos Mobile (looks pretty ok, containers etc.) but still can't deploy automatically the user e-mail certificate, We've checked as well XenMobile but there is as well an option only for device certificate. In most cases (solutions), the user should open the AD CA page, generate certificate, download it, deploy it, and then use, which is very difficult for most of the non-technical users and it is as well a security issue. Is there a solution to do this automatically?
I see that there are a lot of management tools for Android but it will be enormous work to test all of them.
So, does someone already did such thing and which tool was used?
Thanks in advance