Two new Trojan horses are being billed as “first-of-their-kind” bugs.
Security alerts are warning of a “crossover” virus that leaps from one device to another; in addition, a new Java Trojan has been detected that could infect almost any cell phone.
The Mobile Malware Researchers Association (MMRA), a non-profit organization of professional researchers, on Monday announced that it has discovered thefirst virus that can be transferred from a PC to a mobile device — and delete files.
The researchers received an anonymous alert about the malware, which it has dubbed “crossover” for its ability to cross-infect a Windows Mobile PocketPC handheld from a desktop computer running the Windows operating system.
Crossover is the first malware that is able to infect both a Windows desktop computer as well as a PDA running Windows Mobile for Pocket PC, according tothe MMRA.
Crossover makes a copy of itself and puts a startup command to the copy in the registry. Next, it waits for an ActiveSync connection, whichsynchronizes the data between a PC and a mobile device.
The virus repeatedly copies itself into the registry each time a PC is rebooted. Analysts said this could slow down the PC’s performance or freezeup the computer. On the flip side, the virus copies itself to a pocket PC running the Windows CE or the Windows Mobile operating system and erases thefiles in the My Documents directory.
The good news is this is only a proof-of-concept virus. That means it sets out to demonstrate how easily malware could spread from one device toanother. Users have no reason to panic, some analysts are saying.
“If someone starts capitalizing on the crossover worm, and we start to see increased activity, then we can talk about a global threat,” Ken Dunham, senior engineer at threat intelligence firm iDefense, a VeriSign company based in Reston, Va., told TechNewsWorld. “It’s a little premature at this time.”
More Mobile Phone Trojans
Meanwhile, several antivirus companies are reporting yet another Trojan this week, called RedBrowser.a. Security researchers said it is the first malicious program to infect not only smartphones, but any mobile phone capable of running Java applications.
The Trojan spreads in the guise of a program called RedBrowser, which allegedly enables the user to visit WAP sites without using a WAP connection.
According to the Trojan’s author, this is made possible by sending and receiving free SMS messages. In reality, the Trojan sends SMSes to premium ratenumbers. The user is charged US$5 to $6 per SMS.
“This is a social engineering worm written in Russian,” Dunham said. “It is interesting when you look at it. This is a Java-based type of threat and ithas been proven to be successful. We need to look at this and see what is going to be the threat down the road.”
The Trojan is a Java application, a JAR format archive. The file may be called “redbrowser.jar,” and is 54482 bytes in size. The Trojan can bedownloaded to the victim’s handset either via the Internet (from a WAP site) or via Bluetooth or a personal computer.
“This latest virus represents a natural progression for virus writers, who are constantly seeking to extend their reach by spreading infections via asmany platforms as possible,” said David Emm, a senior technology consultant at Kaspersky Lab. “One thing’s for sure — RedBrowser may be the first ofits kind, but it certainly won’t be the last.”
Once again, there is good news: the Trojan can be easily removed from the victim’s handset using standard utilities already installed on thetelephone. Still, Kaspersky Lab recommends that mobile phone users exercise caution and do not download or launch unknown programs via the Internet.