Technology News: Malware: New Trojan Tries to Leap From Phone to PC

New Trojan Tries to Leap From Phone to PC

By Susan B. Shor
TechNewsWorld
09/23/05 10:34 AM PT

Peter Firstbrook, research director, Gartner, said that Cardtrp is nothing new. "The only difference I noticed was that it drops win 32 malware in the memory card to infect PCs. That is a new channel for malware to infect PCs, but it is not unanticipated that phones would be a vector for PC infection," he said.

Think your data is safe? Think again. Data-stealing malware is on the rise. Trend Micro Enterprise Security, powered by the Trend Micro Smart Protection Network, blocks threats before they reach your network. Learn how. Download our Outthink the Threat eBook or register for a free, on-site assessment.

Antivirus experts have found a virus that can move from mobile phones to computers, but analysts say the bug is neither very dangerous nor very sophisticated.

The Trojan, called CARDTRP.A or Sybos/Cardtrap.A by different antivirus vendors, is rated as a low risk by Trend Micro (Nasdaq: TMIC) . F-Secure calls it "unremarkable" except that it runs on the mobile phone OS Symbian and will try to infect a PC if the phone's memory card is plugged into it.

'Old Hat'

"The only thing new that it does is ineffectively try to spread to the PC from the phone -- this is new behavior for phone malware but old hat for traditional malware. The IIS/sadmind worm, for example, spread to both Solaris and IIS," Ed Moyle, president, SecurityCurve, told TechNewsWorld. "So, it's not really new or innovative in itself -- it does, however, apply old concepts in a new way."

Moyle said the Trojan was almost exactly like Cabir, another Symbian virus, and unlikely to do much harm.

"I don't think it's dangerous in and of itself, and I don't think it necessarily signals a trend to come," he said. "From an originality perspective, I'm not impressed by this virus either."

Expected Development

Peter Firstbrook, research director, Gartner (NYSE: IT) , agreed with Moyle that Cardtrp is nothing new.

"The only difference I noticed was that it drops win 32 malware in the memory card to infect PCs. That is a new channel for malware to infect PCs, but it is not unanticipated that phones would be a vector for PC infection," he said.

If the memory card successfully copies the malware, Win32/Padobot.Z and Win32/Rays, onto a PC, the Trojans will attempt to start up in autorun, but F-Secure points out that under most circumstances, Windows will not allow that.

Moyle said that it wouldn't have been difficult for a malware writer to find and alter Cabir.

"Functional source code for a large amount of existing malware can be found on the Internet, so it's pretty easy for someone to cut and paste from existing malware or to just look to existing malware for example purposes," he said. "The addition of new malware functionality, particularly functionality that leverages a commonly used feature of the underlying platform such as writing files to a memory card, is also pretty easy."

Trend Micro Inc	Activate Alert \| Search Archives

F-Secure	Activate Alert \| Search Archives

Symbian	Activate Alert \| Search Archives

Gartner	Activate Alert \| Search Archives