Windows CE Trojan out in the wild, say researchers

By Ed Oswald, BetaNews

February 27, 2008, 1:23 PM

US-CERT is warning of a Trojan that puts the users of Microsoft's mobile operating system at risk for data disclosure.

Known as the WinCE/InfoJack Trojan, it will hijack the device serial number, disable the operating system's security functions, then install programs and upload user data to the attacker's Web site.

The virus was first discovered in China. It is packed within legitimate installation files, and comes with a group of applications including Google Maps, stock trading applications and games, according to McAfee.

"WinCE/InfoJack was created by a specific website. The website may have hired someone to create the trojan and distribute it to other sites," researcher Jimmy Shah said. "The maintainer of the website claims that the software was just necessary to collect information on the types of mobiles used to access their site."

The Trojan can install itself as an autorun program on the memory card, so it can spread simply when the infected card is installed in another device. It also replaces the browser's homepage, and allows unsigned applications to be installed without warning.

Attempts at deleting it will only bring the Trojan back, as it copies itself back to disk.

Researchers say the application also had an auto-update feature that would have allowed additional malware to be installed. However, the website has apparently been taken down, as McAfee said local law enforcement has launched an investigation into the Trojan.

By Galway

posted Feb 28, 2008 - 1:53 PM

"US-CERT is warning of a Trojan..."
"The virus was first discovered in China."

Is it a trojan or a virus?

So basically ... It's a modified, maliciously crafted package the user has to download and install before it can do its stuff. It's sourced from a dodgy website, hosted by hackers, that has since been taken down for their illegal activities.

And here's me thinking it was something I should worry about.
"Windows CE Trojan out in the wild, say researchers"

Score: 0

By yourcat

posted Feb 27, 2008 - 2:54 PM

This is why I use Linux. Not enough people use it to make it a worthwhile target for these things.

Score: 0

By morriscox

posted Feb 28, 2008 - 6:16 PM

Research before making claims. I've had a Linux system (Slackware) hijacked.

Score: 0

By mjm01010101

posted Feb 28, 2008 - 1:23 PM

Look into hosted Linux boxes getting pwn3d. It happens.

Score: 0

By skimore

posted Feb 27, 2008 - 3:18 PM

Linux phone??

Score: 0

By Tenoq

posted Feb 27, 2008 - 6:02 PM

Yeah, they have one of those.

Score: 0

By daq

posted Feb 28, 2008 - 12:06 PM

There are actually quite a few. Google it.

Score: 0

By skimore

posted Feb 27, 2008 - 2:04 PM

Google Maps.. Oh great!! This will help sell AV for phones..

Score: 0

By Tenoq

posted Feb 27, 2008 - 6:03 PM

God no - mobile phone OSes are slow enough as it is.

Score: 0