Brador Pocket PC Virus
Also known as WinCE.Brador.A; Backdoor.Brador.A
It is specifically designed to attack (Windows Mobile) Pocket PC users via Microsoft's CE operating system. Brador is a full-scale malicious program. It has a complete set of destructive functions typical of backdoors. The virus can be obtained via email or via the Internet.
It is written in ASM for ARM processors and is 5632 bytes in size. After Brador is launched, it creates an svchost.exe file in the /Windows/StartUp/ folder, thus gaining full control over the handheld every time it is restarted. Brador identifies the IP address of the infected handheld and sends it to the virus coder to inform him that the handheld is connected to the Internet and that the backdoor is active. Brador then opens port 2989 and awaits further orders. The backdoor responds to the following commands: d - lists the directory contents; f - closes the session; g - uploads a file; m - displays MessageBox; p - downloads a file; r - executes the specified command.
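The indicators in the paragraph above (an svchost.exe in the StartUp folder, the 5632-byte file size, a listener on port 2989) can be checked against a device inventory. The Python below is an added example, not part of the original article: the `FILE`/`LISTEN` export format and the `triage` function are hypothetical, and the sample inventory is constructed.

```python
import ntpath

PORT = 2989                                   # listener port given in the article
SIZE = 5632                                   # file size given in the article
DROP = ("\\windows\\startup", "svchost.exe")  # drop location given in the article

# Constructed sample in a hypothetical export format: "FILE <path> <bytes>" / "LISTEN <proto> <port>"
SAMPLE = r"""FILE \Windows\StartUp\svchost.exe 5632
FILE \Windows\StartUp\poutlook.lnk 28
FILE \My Documents\Personal\notes.exe 5632
LISTEN tcp 2989
LISTEN tcp 5679
"""

def triage(inventory):
    """Return (verdict, findings) for one device inventory dump."""
    findings = []
    for raw in inventory.splitlines():
        parts = raw.split(None, 1)
        if len(parts) != 2:
            continue                            # blank or malformed line
        kind, rest = parts
        if kind == "FILE":
            path, size = rest.rsplit(None, 1)   # paths may contain spaces
            # Accept / or \ separators and compare case-insensitively
            norm = ntpath.normpath(path.replace("/", "\\")).lower()
            if ntpath.split(norm) == DROP:
                findings.append(("startup", path))
            if int(size) == SIZE and norm.endswith(".exe"):
                findings.append(("size", path))
        elif kind == "LISTEN":
            port = int(rest.split()[-1])
            if port == PORT:
                findings.append(("port", port))
    kinds = {k for k, _ in findings}
    # Persistence file plus listener together match the described behaviour;
    # a single indicator (e.g. size alone) only warrants a closer look.
    if {"startup", "port"} <= kinds:
        verdict = "likely-brador"
    elif kinds:
        verdict = "investigate"
    else:
        verdict = "clean"
    return verdict, findings

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A size match on its own is weak evidence, which is why the verdict only escalates when the StartUp file and the listener appear together.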
Brador was probably written by a Russian virus coder. It is more than likely that the author will sell this virus to spammers and other hackers to cause harm. The Trojan was attached to an email with a Russian sender address and Russian text inside. Interestingly enough, the author is offering to sell the client part for the Trojan to all interested parties, which means that there is a real chance that the backdoor may be bought by somebody who will use it commercially (bot network creation, for instance).
Update: Viruses targeting the Pocket PC platform are not as widespread as media reports would have you believe, according to some leading anti-virus experts. The real and present danger is the numerous virus attacks that happen every day on desktop computers running good old-fashioned Windows.
Backdoor.Brador.A is a Windows CE Trojan horse program designed to give attackers control over Pocket PC mobile devices.