Malicious code targeting PDAs identified
- By William Jackson
- Aug 05, 2004
The first backdoor code for personal digital assistants has emerged, raising concerns that handheld devices soon could be targeted by hackers.
The code, called Backdoor.WinCE.Brador.a, was identified by Kaspersky Labs. It is 5,632 bytes and targets PDAs running PocketPC. The Moscow-based antivirus company called Brador a classic Trojan backdoor program, which could expose handheld devices to remote exploitation.
'WinCE.Brador.a is a full-scale malicious program ready to go,' said Eugene Kaspersky, the company's head of antivirus research. 'Unlike proof-of-concept malware, Brador has a complete set of destructive functions typical for backdoors.'
Security experts said the threat from Brador is not imminent, but probably is inevitable.
'We aren't seeing it spreading at this point,' said Dee Liebenstein, group product manager of Security Response for Symantec Corp. of Cupertino, Calif. 'It's the scenario for the future that raises concern.'
The sample seen by Kaspersky was attached to an e-mail that came from a Russian sender and contained Russian text. It creates an executable file in the PDA's autorun folder so that it takes over whenever the device is turned on. It identifies the IP address, contacts the author and opens port 44299 for further commands.
The author was offering to sell the client code.
'Malware development for mobiles is passing through the same stages as for desktops,' Kaspersky said. 'We will probably see a serious outbreak of viruses for handhelds sometime soon.'
Backdoors require a delivery vehicle to spread them. These could include e-mail or a Web site that downloads the code, but the most effective delivery system for widespread infection is a worm, and no worm optimized for PDAs has yet appeared.
'There still is a lot of hard work to be done to get an effective mechanism,' Liebenstein said. 'But this probably should raise concern. Mobile devices are going to be the next targets.'
Liebenstein said PDA users should protect their devices with antivirus software. So far this has been an option, but the time will come when it is a necessity, she said.
'We have been warned.'
William Jackson is a Maryland-based freelance writer.