Airscanner Corp. has published a step-by-step tutorial explaining how they have worked to find the inner workings of Brador, the first trojan horse malware for Windows Mobile Pocket PC devices. The authors include the methods for background research and even include a fully annotated IDA disassembly of the ARM binary.

Brador was created to allow the master full control over the infected PDA via the port that the Trojan opens. The malware is programmed to upload and download files and execute a series of further commands. Like all backdoors, Brador cannot spread by itself: it can only arrive as an email attachment, be downloaded from the Internet or uploaded along with other data from a desktop.

The article is in two parts, with the link to the second part under the title on part 1.