New Trojan Endangers Windows Mobile Devices
The malware affects Windows Mobile PocketPC devices, security experts say. Researchers at McAfee Avert Labs found that the Trojan, now known as WinCE/InfoJack, sends the infected device's serial number, operating system and other sensitive information to the Trojan's creators.
"It's not (a virus) that you download from a pirated site and get an infection," said Jamz Yaneza, research manager at Trend Micro. "It uses legitimate applications and repackages it with this particular Trojan."
Several of the WinCE/InfoJack features show malicious intent, researchers say. U.S. CERT warned in their advisory that the Trojan spreads through legitimate files, installing itself as either an autorun program on the memory card, or to the device when an infected memory card is inserted. It's then distributed widely via Google Maps, stock trading applications and numerous games.
"It's like the old viruses in the floppy disk days," said Yaneza. "This is an infection via memory card. It an old thing but on new devices."
The Trojan protects itself from deletion by copying itself back to disk, security experts say."When you delete this application from the memory card, it actually writes itself back," said Yaneza. "What happened to user rights and user preference?"
It also replaces the device's browser with the homepage of the malicious site, and allows unsigned applications to install without warning, leaving mobile devices open to other malicious code that attackers can discreetly install.
The WinCE/InfoJack was created by a specific Web site, which McAfee said in its blog was no longer reachable. Researchers speculated that the Web site's creators may have hired someone to create the Trojan and distribute it to other sites.
Microsoft personnel said in a statement that the malware does not exploit any security vulnerability, but instead relies on users downloading and accepting the installation of unsigned applications.
"Microsoft is committed to the security and safety of its customers and works with independent software vendors to investigate security issues. We recommend that customers employ standard security safeguards such as only download and install software from reputable, trusted sources and activate password protection on PCs and devices," said Scott Rockfeld, Microsoft group product manager, in a written statement. To reduce the risk of security threats, experts recommend that users install antivirus software and keep the virus signature files up-to-date. Users should also take general precautions when downloading and installing applications, security experts say.
Microsoft recommended that customers contact their OEMs and providers for the latest guidance on security threats on their particular devices. A spokesperson from the company also said that customers should understand the risks involved with social engineering order to protect themselves against malware threats and have safer experience online.
"These gadgets are running faster and better," said Yaneza."Because it's running like a regular PC, you should treat it like a regular PC."