2004.08.05 23:05
Malicious Code Exploits Backdoor in PDA Security
http://www.pdastreet.com
Handheld viruses aren't new...at least in concept.
It has only been in the last couple of months that anti-virus companies have uncovered the first two handheld viruses, one for Symbian smartphones and the other for Pocket PC PDAs and phones. Fortunately, reformed virus writers created these worms (EPOC.Cabir for Symbian and WinCE.Dust for Pocket PC) as members of 29a, an international group of programmers that specializes in proof-of-concept viruses.
So EPOC.Cabir and WinCE.Dust were developed not to create havoc but to prove that malicious code for handhelds could be generated.
Unfortunately, a less "noble" virus writer paid attention and took 29a's warning as a call to mischief...or worse. He set forth the first Trojan Horse for Pocket PCs, discovered today by a number of anti-virus companies.
The Trojan Horse, called Backdoor.Brador.A and WinCE.Brador, would most likely be received as a disguised e-mail attachment. Should an unsuspecting handheld user launch it, an attacker would be able to control the Pocket PC and all the data on it the next time it is connected to the Web. Specifically, the worm identifies the machine's IP (Internet Protocol) address and sends it to the virus author (the would-be assailant), informing him that the handheld is on the Internet and the backdoor is active. Brador then opens TCP port 44299 or 2989 and awaits further commands.
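A defensive check built on the port behaviour described above, as an added example that is not part of the original article: it reads firewall logs and separates handhelds that actually answer on Brador's ports from ones that were merely probed. The key=value log format, the addresses and the function name are constructed for illustration.

```python
import re

# TCP ports the article says Brador opens to await commands.
BRADOR_PORTS = {44299, 2989}

# Constructed sample lines in a made-up key=value firewall format.
SAMPLE_LOG = """\
2004-08-05T21:14:02 action=allow proto=tcp src=203.0.113.7 sport=4101 dst=10.20.0.15 dport=44299 flags=SYN
2004-08-05T21:14:02 action=allow proto=tcp src=10.20.0.15 sport=44299 dst=203.0.113.7 dport=4101 flags=SYN-ACK
2004-08-05T21:15:40 action=allow proto=tcp src=203.0.113.7 sport=4102 dst=10.20.0.22 dport=2989 flags=SYN
2004-08-05T21:15:40 action=allow proto=tcp src=10.20.0.22 sport=2989 dst=203.0.113.7 dport=4102 flags=RST
2004-08-05T21:16:11 action=deny proto=tcp src=198.51.100.9 sport=5050 dst=10.20.0.31 dport=44299 flags=SYN
2004-08-05T21:17:00 action=allow proto=tcp src=10.20.0.50 sport=44299 dst=192.0.2.80 dport=80 flags=SYN
2004-08-05T21:18:30 action=allow proto=udp src=10.20.0.40 sport=2989 dst=192.0.2.53 dport=53 flags=-
"""

FIELD = re.compile(r"(\w+)=(\S+)")


def classify(log_text):
    """Return {host: verdict} for hosts involved in Brador-port TCP traffic.

    'listening': the host sent a SYN-ACK from a Brador port, so something on
                 it accepted a connection there (backdoor likely active).
    'probed':    a SYN was aimed at a Brador port on the host, but no
                 SYN-ACK from that host was seen (blocked or port closed).
    """
    verdicts = {}
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("proto") != "tcp":
            continue  # the article describes TCP listeners only
        flags = f.get("flags")
        if flags == "SYN-ACK" and int(f.get("sport", 0)) in BRADOR_PORTS:
            verdicts[f["src"]] = "listening"
        elif flags == "SYN" and int(f.get("dport", 0)) in BRADOR_PORTS:
            # Do not downgrade a host already confirmed as listening.
            verdicts.setdefault(f["dst"], "probed")
    return verdicts


if __name__ == "__main__":
    for host, verdict in sorted(classify(SAMPLE_LOG).items()):
        print(host, verdict)
```

An outbound SYN that merely uses 44299 as its ephemeral source port (host 10.20.0.50 in the sample) is not flagged, because only a SYN-ACK from that port shows a listener.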
Anti-virus companies, such as Symantec and Kaspersky Labs, have been on top of the situation, updating their anti-virus databases with protection against Brador. To these vendors, the advent of the Brador Trojan Horse comes as no surprise.
"We were certain that a viable malicious program for PDAs would appear soon after the first proof of concept viruses emerged for mobile phones and Windows Mobile", commented Eugene Kaspersky, Head of Anti-Virus Research at Kaspersky Labs, "WinCE.Brador.a is a full-scale malicious program ready to go: unlike proof of concept malware, Brador has a complete set of destructive functions typical for backdoors."
According to Russia-based Kaspersky, the Trojan Horse was probably written by a Russian virus coder, as it was attached to an email with a Russian sender address and Russian text inside. Furthermore, the author offered to sell the client part for the worm, meaning that there's a possibility it may be used commercially for a more benign purpose, such as bot network creation.
Nevertheless, all handheld users, not just Pocket PC device owners, need to be more vigilant about opening attachments, such as Microsoft Office, PDF and picture files. That's because it is probably only a matter of time before malicious code targets other mobile operating systems, including Palm, Symbian, Linux, J2ME, RIM BlackBerry, etc.
We've posted a couple of articles (see below) to help handheld users and companies that support these devices secure them. The articles are a good place to start to learn the hows and whys of PDA, smartphone, cell phone and mail phone security.
Top 10 Items You Shouldn't Allow on Employee Unprotected PDAs (and what to do about it)
With all of the time and money companies devote to securing their IT systems, a single unsecured PDA can poke a hole in a corporate security wall the size of Montana.
Learn the Basics of Handheld Security
While PDA and smartphone security is often a forgotten piece of the security infrastructure, these devices have the ability to transmit and receive viruses, and can be exploited in numerous ways. In this article, the first in a series on the subject, we provide a general overview of PDA security and discuss vulnerabilities, products, security issues, and policies.