Geekzone: technology news, blogs, forums
First backdoor trojan found for Windows Mobile Pocket PC
Posted on 6-Aug-2004 14:17 | Tags Filed under: News


Not long after the first proof-of-concept Pocket PC virus was found, a real trojan targeting this platform is being distributed. Brador.a (or WinCE.Brador.a as defined by Symantec) is a backdoor (a utility allowing for remote administration of the infected machine) for Windows Mobile Pocket PC. It is written in assembly for ARM processors and is 5632 bytes in size.

Brador was created to give its master full control over the infected PDA through the port that the trojan opens. It is programmed to upload and download files and to execute a series of further commands. Like all backdoors, Brador cannot spread by itself: it can only arrive as an email attachment, be downloaded from the Internet or be uploaded along with other data from a desktop.

After Brador is launched, it creates an svchost.exe file in the /Windows/StartUp/ folder, thus gaining full control over the handheld every time it is restarted (soft reset). The program then identifies the IP address of the infected handheld and sends it to the virus coder to inform him that the handheld is connected to the Internet and that the backdoor is active. Brador then opens port 2989 and awaits further orders.

The backdoor responds to the following commands:

  • d - lists the directory contents
  • f - closes the session
  • g - uploads a file
  • m - displays MessageBox
  • p - downloads a file
  • r - executes a specified command
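
A defender's check for the two host indicators described above (the svchost.exe file in the StartUp folder and the listener on port 2989), as an added example that is not part of the original article. The file inventory and the netstat-style text are constructed samples in an assumed format, and treating a 5632-byte file size as extra confidence is an assumption.

```python
import re

# Indicators taken from the article text.
STARTUP_DIR = "/windows/startup/"
DROPPED_NAME = "svchost.exe"
BACKDOOR_PORT = 2989
REPORTED_SIZE = 5632  # size the article gives for Brador itself

def norm(path):
    """Lower-case and use forward slashes so \\Windows\\StartUp matches /Windows/StartUp."""
    p = path.replace("\\", "/").lower()
    return p if p.startswith("/") else "/" + p

def check_files(inventory):
    """inventory: iterable of (path, size_in_bytes). Returns a list of findings."""
    findings = []
    for path, size in inventory:
        if norm(path) == STARTUP_DIR + DROPPED_NAME:
            # Assumption: a size equal to the reported 5632 bytes only raises confidence;
            # the article does not say the dropped file has that size.
            level = "high" if size == REPORTED_SIZE else "medium"
            findings.append((level, f"startup entry {path} ({size} bytes)"))
    return findings

LISTEN_RE = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTEN", re.I)
def check_listeners(netstat_text):
    """Scan netstat-style text (assumed format) for a TCP listener on port 2989."""
    findings = []
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if m and int(m.group(1)) == BACKDOOR_PORT:
            findings.append(("high", f"listener on TCP {BACKDOOR_PORT}: {line.strip()}"))
    return findings

# Constructed sample data, not taken from a real device.
SAMPLE_FILES = [
    ("\\Windows\\StartUp\\svchost.exe", 5632),
    ("\\Windows\\StartUp\\calendar.lnk", 23),
    ("\\My Documents\\svchost.exe", 5632),
]
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:2989     0.0.0.0:0        LISTENING
  TCP    10.0.0.5:1042    192.0.2.10:80    ESTABLISHED
  TCP    0.0.0.0:29890    0.0.0.0:0        LISTENING
"""

if __name__ == "__main__":
    for level, msg in check_files(SAMPLE_FILES) + check_listeners(SAMPLE_NETSTAT):
        print(f"[{level}] {msg}")
```

A file named svchost.exe outside the StartUp folder and a listener on port 29890 are deliberately included in the sample to show that neither is flagged.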

Symantec reports this trojan here and Kaspersky is reporting it here.








