Today a notice hit http://www.sophos.com about a Trojan infecting phones running Microsoft Windows Mobile. It is making its way across China, spreading when a phone accesses one of several websites over there. It is only a matter of time before this affects Europe and North America.
The trojan, called WinCE/InfoJack, is wrapped together with several legitimate mini-games, including Mahjongg and a version of Tetris. It is written in such a way that an unsuspecting user will install the package on the mobile device.
Once downloaded, the trojan lowers the security settings on the device so that the user doesn’t know that the applications are unsigned. As on any other version of Windows, this is done through a registry edit.
The trojan also includes self-replication capabilities that can infect memory cards connected to the device, researchers said. This ensures that the infection is executed every time the card is plugged in.
Once installed on the mobile device, the trojan can steal confidential information — such as username, password and financial data — from the phone and send it back to the malware’s author.
Being a mobile phone user myself, I naturally wanted to try to find ways to protect the information stored on my phone. I found F-Secure’s AV for Windows Mobile at http://mobile.f-secure.com available for trial download. I hate participating in the Fear, Uncertainty and Doubt (FUD) Factor, but why not look to prevent something from happening? Not that I know if this will help to prevent infection (other than the age-old adage: never install anything if you don’t know where it comes from). I hope that the F-Secure Anti-Virus application for Windows Mobile will help prevent some of this activity.

March 4, 2008 at 5:46 pm
For as much as I admire McAfee’s marketing ability (they found and publicized the ‘trojan’), this particular issue is a bit overblown compared to other threats that are out there and are real.
For example, FlexiSPY allows for remote real-time monitoring of calls (bugging the mobile phone). MyMobiler includes a hard-coded backdoor FTP server with static user/pass. Numerous products have vulnerabilities that can allow local and remote code execution.
InfoJack is a threat, but the user has to first accept the installation of a file that warns the user the file might be a virus. Once this is accepted, the software has full control over the device, including the ability to turn off the code signing requirements.