Slashdot Mirror

← Back to Stories (view on slashdot.org)

First Trojan for Windows CE Released

Posted by CowboyNeal on from the handheld-infestation dept.

Tuxedo Jack writes "Symantec and The Register are reporting that the first Windows CE trojan horse, known as Brador, has been mailed to Trend Micro. This cannot spread on its own; it must be mailed or transmitted, then opened. Once opened, it opens a TCP port, allowing the remote-controller to connect and establish control over it. As expected, this will most likely be used to make new botnets, and it leads me to wonder: will we soon need firewalls for Windows Embedded?"

14 of 213 comments (clear)

  1. Only a matter of time I guess... by pillageplunder · · Score: 4, Interesting

    Interesting point that it cannot spread on its own. It appears to be following similar paths to viruses for other OS...start simple, move up in complexity and sneakiness.
    Greaaaaaat.

    --
    "Work is the curse of the drinking class" Oscar Wilde
    1. Re:Only a matter of time I guess... by Lumpy · · Score: 5, Interesting

      not really.

      The first viruses I saw back in the 80's were 20 times more elegant and amazing. they would actually attach to other programs, chaing the first byte of the software to jump to the end of the program, execute the virus, then run the program. Many would even convince the DOS dir command to lie to the user and show the same filesize as the normal program... even though a user would not really notice the file size change cince many of these viruses were smaller than 1K some less than 500 bytes.

      today we really dont have many viruses but simply mal-ware.... although there are some real viruses out there.

      granted adding network capabilities to a virus is harder, but a simple local filesystem spreader can jump network mounted drives because the OS is happy to make it easy for the program.

      --
      Do not look at laser with remaining good eye.
    2. Re:Only a matter of time I guess... by maxwell+demon · · Score: 3, Interesting

      Hmmm ... my television is actually connected to a network (the cable TV network). Do I need a firewall for it?

      --
      The Tao of math: The numbers you can count are not the real numbers.
  2. i find it interesting by dncsky1530 · · Score: 2, Interesting

    that smartphones were hit by a worm before windows CE, anyone wondering the same thing?

  3. Its about time! by Anonymous Coward · · Score: 4, Interesting

    Can you get virus/wormprotection for CE already at all?

  4. Marketshare isn't an issue either with this by CrackedButter · · Score: 3, Interesting


    There are more mac's than window CE devices yet there is now a virus for that platform. That argument about macs having a smaller marketshare and thus are not the target of hackers can be trown out of the window.
    Can it?

    --
    Jonathanjk.com
    1. Re:Marketshare isn't an issue either with this by DaHat · · Score: 2, Interesting

      You say that as if there are no viruses on the Mac platform. A simple google search will reveal that is not the case.

      --
      Help Brendan pay off his student loans
    2. Re:Marketshare isn't an issue either with this by gl4ss · · Score: 2, Interesting

      this is not a virus, or not even a trojan.

      it's a honest backdoor program.. which means that it's just a program that takes commands from outside the device and as such is very unlikely to even be first of it's kind.

      very bad excuse for an antivirus company to get some pr tho.

      I believe this kind of programs exist for mac as well(opensshd would technically count as well, strange we don't see it mentioned there).

      --
      world was created 5 seconds before this post as it is.
  5. Re:Of course we're going to need firewalls... by danamania · · Score: 2, Interesting

    ..for CE because, as usual, people will have to patch their CE-based PDA

    Good point, if WinCE based machines operate in a network manner the same as desktop Windows. Are they in any way comparable? If you somehow had a desktop running WinCE, would it be comparable to say, a Win XP machine with its networking?

  6. diebold. by Neophytus · · Score: 4, Interesting

    IIRC everybody's favorite e-voting company Diebold uses CE for their voting machines. I wouldn't be surprised if they used it for their ATMs too. There's a pretty big market to be hit if you can get a worm onto either of those private networks.

  7. they are already creating a firewall for it by FluffyG · · Score: 3, Interesting

    I had a chat with my cousins husband close to a year ago and he was working with a company that was creating a firewall for windows CE because they knew this would become a problem plus there are already numerous security flaws he explained to me which i forgot over the course of a year...
    so the idea of a windows CE firewall has already been in the works for some time...

    i was doing a project for school and this topic came up because it was a new technology that could be exploited over time

  8. My Firewall IS running Windows CE by Air-conditioned+cowh · · Score: 4, Interesting

    I just got a Belkin 54g ADSL router and have been dismayed by it's annoying habbit of not syncing for hours at a time then deciding to work again. Another ADSL modem works all the time.

    I discovered that the admin interface called up a file with a .exe suffix. Oh oh. That means that the box itself is running some kind of MS software. This probably explains why it behaves in such a flakey manner generally.

    I wonder how long it will be before these so-called firewall boxes are turned into zombies.

    Now Windows is worming its way into more and more embedded appliances people are just having to get used to a lower and lower standard of reliability from devices that never used to crash or get viruses, such as ATM machines, firewall/routers, mobile phones etc.

    I hope consumers and embedded developers become aware of this and stop the rot.

  9. Re:Attitudes to networking by MikeXpop · · Score: 2, Interesting
    "do motorcycles need seatbelts?"
    That's the silliest thing I've ever heard. Of course they don't need them. Adding seat belts would be a saftey hazard. If I fall on a motorcycle, the last thing I want is to have a motercycle strapped to me. The whole purpose of a seatbelt is so you don't smash into the front of the car/train/bus. That doesn't make sense on a motorcycle.
    --
    Etiquette is etiquette. He kills his mother but he can't wear grey trousers.
  10. What about PalmOS? by lokiz · · Score: 2, Interesting

    Anyone know if there have been any malware for PalmOS? Go into any CompUSA, BestBuy, Staples etc and the PDA's will have PalmOS or WindowsCE. Once in a blue moon you'll find a linux based PDA, but it is still rare. So I would think a security comparison would be in order of PalmOS and WindowsCE since they are the more common PDA OS's.