Subscribe to the::unwired's RSS Feedthe::unwired at Twitterthe::unwired on Facebookthe::unwired on Google Plus
the::unwired Article
ALERT: WinCE/InfoJack sends unauthorized information and leaves device vulnerable
Posted by Arne Hess - on Wednesday, 27.02.08 - 13:55:06 CET under 02 - Windows Mobile News - Viewed 10048x
Tagged under: [] [] [] [] [] []

McAfee Avert Labs Blog posted a warning about a new Windows Mobile Pocket PC virus yesterday which seems to be the first real Windows Mobile virus/trojan. While we have seen proof of concepts before, this Windows Mobile trojan for Pocket PCs disables Windows Mobile application installation security as well as it protects itself from deletion by copying and installing it again from infected memory cards.
Furthermore, the virus which is called "WinCE/InfoJack" sends the infected device's serial number, operating system and other information to the author of the trojan.

The trojan was packed inside a number of legitimate installation files and distributed widely but mostly on Chinese Windows Mobile Pocket PCs since the source of WinCE/InfoJack seemed to be a Chinese website. However, it has been also distributed with Google Maps (but not if you have downloaded it from Google's own website) and applications for stock trading and a collection of games:

WinCE/InfoJack was created by a specific website, which isn't reachable any longer but the website may have hired someone to create the trojan and maybe distribute it to other sites. The maintainer of the website claims that the software was just necessary to collect information on the types of mobiles used to access their site.

WinCE/InfoJack has a number of features that show its malicious intent:

  • Installing as an autorun program on the memory card
  • Installing itself to the phone when an infected memory card is inserted
  • Protecting itself from deletion, copying itself back to disk
  • Replaces the browser's home page
  • Allows unsigned applications to install without warning

WinCE/InfoJack installs as an autorun program on the memory card.
Because WinCE/InfoJack disables the Windows Mobile application installation security, it allows to auto update itself. It also leaves the mobile open to other malware being installed silently.

That's definitely a bad development and so far users hadn't have to be scared from testing freeware applications as they are available for Windows Mobile. Now, with such a development, it's strongly recommended to better verify who the source of a freeware utility is and how the developer's reputation in the community is.

Cheers ~ Arne


 
Related Links

Article Source

Related Articles Virus

Comments
Social Sharing
     
This Week's Top Stories
Feeds & More
Awards & More
Recent Discussions
© Copyright 1998 - 2013 by the::unwired® & Arne Hess
All rights reserved!
the::unwired is a registered trademark of Arne Hess.
All trademarks are owned by their respective companies.
All site video, graphic and text content is copyrighted to the respective party and may not be reproduced without express written consent.