Virus Infects Pocket Pcs Via Activesync

[The Highlander]

The Mobile Malware Researchers Association (MARA) claims to have characterized the first malware to cross-infect a handheld phone or PDA from a desktop PC binary file. The virus -- a Trojan dubbed "crossover" -- spreads from a Windows-based desktop PC to a Windows CE-based handheld device via an ActiveSync connection, according to the group.

 

MARA was sent crossover anonymously. Included with the code was a statement explaining that it was a multiplatform proof-of-concept virus targeting Windows desktop OS's, Windows CE, and Windows Mobile with .NET CF 1.1, with the aim of demonstrating how a virus can spread from a desktop PC to a pocket PC, the group said.

 

The statement continued, "When executed the virus checks what the current OS is, if it is not windows ce or mobile the virus makes a copy of itself and puts a startup command to the copy in the registry local-machine-current-version-run, the virus then quietly waits for an activesync connection to be detected, it can wait infinitely and everytime the desktop is rebooted the virus recreates itself and again add new copies to the registry, theoretically you can have so many copies running on startup it could degrade or halt the PC's performance. When an active sync connection is detected the virus copies itself to the handheld device and remotely executes the virus to start running on the device."