Slashdot Mirror

← Back to Stories (view on slashdot.org)

First Trojan for Windows CE Released

Posted by CowboyNeal on from the handheld-infestation dept.

Tuxedo Jack writes "Symantec and The Register are reporting that the first Windows CE trojan horse, known as Brador, has been mailed to Trend Micro. This cannot spread on its own; it must be mailed or transmitted, then opened. Once opened, it opens a TCP port, allowing the remote-controller to connect and establish control over it. As expected, this will most likely be used to make new botnets, and it leads me to wonder: will we soon need firewalls for Windows Embedded?"

4 of 213 comments (clear)

  1. Of course we're going to need firewalls... by Dagny+Taggert · · Score: 4, Insightful

    ..for CE because, as usual, people will have to patch their CE-based PDA. If desktop Windows is any example, most people won't bother to download security updates, leading to exposure to other damaging varients. I'm sure the brains at Symantec are running in high gear right about now.

    --
    Don't be a looter...and yes, I know that it's spelled with an "A" instead of an "E".
  2. first? bullshit. by gl4ss · · Score: 4, Insightful

    since it doesn't even spread or do anything except accept commands over network I highly doubt that it isn't the first of it's kind.

    and tell me, WHAT GOOD WOULD A FIREWALL DO AGAINST AN _INTENTIONALLY_ INSTALLED BACKDOOR PROGRAM? nothing nada zip zero.. if you _wanted_ to run it which you must(in case of this program) you would want to turn off the fw too, no?

    and built for botnets? no way, are you disconnected with reality? building a botnet with these would be total idiocy.

    and then it's for windows mobile, not ce(yes, a mild difference but difference anyways): " Backdoor.Brador.A will work on Windows Mobile 2003 and only affects ARM-based devices."

    oh and another thing. 99% of the time these devices are behind NAT if they're on network.

    --
    world was created 5 seconds before this post as it is.
  3. Re:Windows Broken Security Model. by tesmako · · Score: 4, Insightful

    Well I would love to hear how all the people posting in this story complaining about the operating system security suggest how to prevent this trojan from working? It does not spread, you have to manually download it or get it in a mail, it does not automatically run, you have to run it yourself, just where is the operating system supposed to look to be able to tell that the user needs to protected from itself?

  4. Not a big deal. by mst76 · · Score: 4, Insightful

    What's the big deal about this, trojans are easy to write for any OS. This particular one opens a listening TCP port, and emails out it's IP address. Since WinCE is a fairly complete OS with a TCP/IP stack and an email client, it's rather obvious that something like this can be written. If they'd discovered a hole that can be exploited without user intervention, that would be big news.

    A possible security weakness of WinCE is that it has no real user and priviledge separation (like Win9x). But what many people who argue for security through priviledge seperation forget to mention is that a standard user (both on NT and Unix) usually has quite a lot of priviledges. You don't need to be root to open ports >1024 or silently send out thousands of emails. Remember, anything YOU can do under a normal user account, a trojan can do as well. So something like this could be easily written for Linux or MacOS. The only security that priviledge separation buys you is that you normally can't change system or other users' files. Since WinCE only supports one user, and the system is in ROM (a hard reset erases all virusses), there is nothing to be gained here.