InfoJack Trojan burrows into Windows CE machines

China syndrome - for now

By John Leyden, 27th February 2008

Miscreants have created a Trojan capable of infecting mobile devices running Windows CE.

The InfoJack Trojan spreads by either tricking mobile users into installing seemingly legitimate application installation files or if punters inadvertently use an infected memory card on vulnerable devices. The malware has been spotted circulating in China.

InfoJack disables Windows Mobile application installation security. It sends the infected device's serial number, operating system, and other information to the author of the Trojan (a factor that explains the name of the malware). Infected devices are left vulnerable to the injection of further malware strains by allowing unsigned applications to be installed without a warning.

Once infected, the homepage on a device's browser is changed. The malware contains a number of features designed to frustrate clean-up efforts by copying itself back onto disk to protect itself from deletion.

Internet security firm McAfee warns that the Trojan has been distributed with Google Maps, applications for stock trading, and games. It adds that the Trojan's website is no longer reachable, due in part to an investigation by Chinese law enforcement officials.

McAfee's write up of InfoJack can be seen here.

InfoJack is not unprecedented. A very small number of PocketPC viruses have been created over the last four or five years and, in at least one case, a Trojan capable of infecting Windows CE (Brador-A) has been seen in the lab.

InfoJack differs from its predecessors because it's been spotted in circulation, albeit to a modest extent. The spread of the malware provoked security clearing house US CERT to issue an alert. ®

Steps to Take Before Choosing a Business Continuity Partner

COMMENTS

House Rules Send Corrections

All Reader Comments (3)

Latest Comments

Posted Sunday 9th March 2008 03:00 GMT

Roderick Rotzien

The reality

Tested and proven these two while moguls in the anti virus world are not the best there is and I myself i seen many many virus go easily through both of them and will never again use either. While viruses on mobiles are a risk this is not wide spread but from many reports and intel coming out cellphones and mobile devices are becoming at risk.

www.techwarrior.biz

Posted Thursday 28th February 2008 21:52 GMT

Anonymous Coward

Malware/Trojan on Windows mobile device

It is suspicious that McAfee and Norton's both come out with a virus protection for mobile devices the same week that the first ever trojan is found. After further research on McAfee site on the trojan and viewing the screen shot for the device, It looks like the Trojan was created before May of 2006, almost 2 years ago and it is on a operating system (CE) that is outdated for a long time. My question is what is the true date of the virus and why telling us now. However a seed has been plant in upper management that we may need McAfee's product due to this post

Posted Wednesday 27th February 2008 23:50 GMT

n3td3v

Never trust a report originating from a security vendor

The report originated from security vendor McAfee, who will by trade make a small issue appear massive and will try and create a hype. Sure, US-Cert had no choice but to follow up with an alert. The truth is though this is a small outbreak, if there is any infection activity at all. If a trojan report originally comes from a non-security vendor then a report has more weight. As soon as I noticed the report of this mobile trojan last night I took the report with caution and didn't post it to my mailing list.In truth this is a non-event, just hyped up by McAfee for business interests. The security vendor inustry are desperate for the whole mobile hacking thing to explode right now, they have their products to protect against it already built up and waiting for use, accept no one is buying them, because there is no attack vector to cause alarm yet amoung normal folks. However, the security vendor industry should be careful with this, because if you cry wolf too many times, your going to weaken your credibility when the real mobile threats are rolled out by hackers. Sure, its good to release these reports on a globally known press release day Tuesday's and Thursday's, but you're doing yourself as a vendor more damage than its worth. I suggest the written media take a backseat approach to folks like McAfee making these announcement's and what the motivation might be, to inform the masses of a real threat or one that's going to keep a vendor's company name in circulation and associated with mobile protection products, to trick the general public into thinking third party application's are necessary for your mobile phone's existence at such a premature time in mobile phone research time frame of february 2008. In 2008, there is still no real mobile security threat and there is certainly no need for any third party security vendor products from McAfee or any other vendor.