The Avert Labs Blog
posted a warning yesterday about a new Windows Mobile Pocket PC virus which
seems to be the first real Windows Mobile virus/trojan. While we have seen
proofs of concept before, this Windows Mobile trojan for Pocket PCs disables
Windows Mobile application installation security and protects itself from
deletion by copying and installing itself again from infected memory cards.
Furthermore, the virus, which is called "WinCE/InfoJack", sends the infected
device's serial number, operating system and other information to the author of

The trojan was packed inside a number of legitimate installation files and
distributed widely, but mostly on Chinese Windows Mobile Pocket PCs, since the
source of WinCE/InfoJack seemed to be a Chinese website. However, it has also
been distributed with Google Maps (but not if you have downloaded it from
Google's own website) and applications for stock trading and a collection of

WinCE/InfoJack was created by a specific website, which is no longer
reachable, but the website may have hired someone to create the trojan and maybe
distribute it to other sites. The maintainer of the website claims that the
software was just necessary to collect information on the types of mobiles used
to access their site.

WinCE/InfoJack has a number of features that show its malicious intent:
- Installing as an autorun program on the memory card
- Installing itself to the phone when an infected memory card is inserted
- Protecting itself from deletion, copying itself back to disk
- Replacing the browser's home page
- Allowing unsigned applications to install without warning
WinCE/InfoJack installs as an autorun program on the memory card.

Because WinCE/InfoJack disables the Windows Mobile application installation
security, it is able to update itself automatically. It also leaves the mobile
open to other malware being installed silently.

That's definitely a bad development; so far, users haven't had to be scared
of testing the freeware applications that are available for Windows Mobile.
Now, with such a development, it's strongly recommended to better verify who the
source of a freeware utility is and how the developer's reputation in the
Cheers ~ Arne