Just recently,  The Mobile Malware Researchers Association (MARA) announced that a new proof-of-concept malware was found that could cross-infect a handheld phone or PDA from a binary on the desktop PC.  Here's the report:

*****

The Mobile Malware Researchers Association (MARA) announced that it has characterized the first malware to cross-infect a handheld phone or PDA from a binary on the desktop PC. The malware, a Trojan dubbed "crossover", spreads from a Win32 desktop machine to a Windows Mobile Pocket PC handheld.  Crossover is the first malware to be able to infect both a Windows desktop computer as well as a PDA running Windows Mobile for Pocket PC. It was sent to MARA anonymously.

This is a proof of concept virus that shows how a virus can spread from a desktop computer to a Pocket PC. With the growing use of handheld devices this type of virus may become very prevalent in the future. For viruses to be more effective they need to spread across a wider range of devices including wireless devices.  Users need to be able to provide adequate protection to deal with these types of viruses. The crossover virus is named so because it crosses over from wired PC's to wireless pocket PC's. It is the first virus of its kind.

When executed the virus checks what the current OS is, if it is not Windows CE or mobile the virus makes a copy of itself and puts a startup command to the copy in the registry local-machine-current-version-run, the virus then quietly waits for an activesync connection to be detected, it can wait infinitely and everytime the desktop is rebooted the virus recreates itself and again add new copies to the registry, theoretically you can have so many copies running on startup it could degrade or halt the PC's performance. When an active sync connection is detected the virus copies itself to the handheld device and remotely executes the virus to start running on the device.

If the current OS is Windows CE or mobile, the virus erases all files in the \My Documents directory of the device. Then it copies itself to the \Windows directory and creates a shortcut to the copy in \Windows\Startup.  When the device is reset the shortcuts execute their target files, here also you can theoretically have multiple copies of the virus running on startup.

The crossover virus was written in C# (C Sharp) using Visual Studio .NET 2003, the Communications Library of openNETCF.org was used and was a great help. It should run on any handheld device running Windows CE/mobile and .NET CF 1.1

This is proof of concept code for educational purposes only. This virus closes the gap between handhelds and desktops, now its one big world open to all.  The report can be found at http://www.mobileav.org

*****

MARA is a vendor neutral organization and was formed in 2005 by a group of mobile device malware researchers to help promote knowledge in this new and emerging problem. The goal is to prevent the spread of malicious code as well as foster professional relationships amongst malware researchers.

The question now is who will be responsible for protecting our mobile users?  Is it the responsibility of mobile phone manufacturers or telecommunication providers?  I think it's both.  Manufacturers and providers should work hand in hand to prevent this problem from getting out of control.  Manufacturers are competing against each other to provide the most powerful handsets by including numerous features - features that almost resemble what a PC can do.  The problem is aside from inheriting the good features, manufacturers are also inheriting the bad.  And sad to say, their efforts in thwarting the dangers are so minimal.

New mobile phones of today already has the capability to send and receive emails, Instant Messaging, web browsing, streaming video and audio and more.  Capabilities that only PCs can do before, capabilities that malware writers use to infiltrate one's PC and propagate their malicious programs.  Now that it's inherited by mobile devices, do you think they will be spared?

Providers can also help stop this problem before it blows out of proportion.  They can provide security applications that will scan (not read) messages for malicious programs before it's sent to the intended recipient.  Again, they can charge a minimal fee for this, so that investment issues will not be a hindrance for its implementation.

While the "Crossover" malware is simply a proof-of-concept now, it already showed us that it could happen and it could be done.  And if a virus can be transferred from a PC to a mobile device, then it is safe to say that a virus can also be transferred from a mobile device to a PC.  I can tell you as early as now, with billions of mobile users around the world, it won't be a pleasant sight to see if nothing is done to prevent this problem facing both the PC and mobile world.

Am logging off.  Stay cool and God Bless us all!

**********

Announcement: Attend the Powertips 2006 "Security Secrets and Strategies" conference on March 16, 2006 at the Grand Ballroom of Dusit Hotel Nikko.  Tickets are available at all SM TicketNet outlets or call 911-5555.  You can also register online at www.infochat.com.ph.

For your questions, comments, suggestions, press releases and stories, please e-mail techtvhost@yahoo.com or visit www.infochat.com.ph for more articles.