Mystery surrounds PC-to-mobile virus

  • (IDG News Service)
  • — 02 March, 2006 08:12

A mystery is deepening around a report about the emergence of a virus that can pass from a PC to a mobile device, with some antivirus vendors saying they have not seen the code to confirm it.

The Mobile Antivirus Researchers Association (MARA) said Monday it anonymously received the code, named "Crossover." Microsoft, whose software the virus reportedly affects, said Wednesday it is investigating the reports but has not heard of any customer complaints.

Antivirus vendors said they will update their software to detect and remove the virus if they are allowed to analyze it. While vendors typically send virus samples to each other to update their products, MARA has not been forthcoming with a sample, said Graham Cluley, senior technology consultant for Sophos.

At the moment, the antivirus community only has MARA's word that the virus exists, Cluley said.

"We would still love to see a sample of this and determine if this is a potential threat to our customers," Cluley said. "It's a little bit disappointing that they are not sharing the sample."

However, three MARA members have run the code and verified it, and the group plans to file a full report on the virus within a week, wrote Cyrus Peikari in a response to an e-mail query. Peikari is a founding member of MARA and the chief executive officer of Airscanner, a mobile security software company.

The virus, MARA said, is the first one engineered to infect a Microsoft Windows desktop computer and then pass to a mobile device running the Windows CE or Mobile software, subsequently erasing files.

So far, the code remains proof-of-concept, a tag given to viruses that are created to illustrate how a vulnerability can be exploited but which are not generally released on the Internet.

But once the code is publicly released, malicious hackers may alter it. The aim is for the virus to spread rapidly before antivirus software is updated to detect and remove the malware.

The Crossover virus copies itself in the registry of a desktop computer. It waits for a mobile device to synchronize its data with a desktop machine using Microsoft's ActiveSync program, according to MARA's posting. The virus then erases files in the My Documents directory on the device.

Mikko Hypponen, chief research officer at F-Secure, said the security company can update its software to detect the virus within a couple of hours of having a sample. But the company has not seen the virus, he said.

Sophos contacted MARA by e-mail to request the virus. MARA responded with an e-mail attaching legal conditions to the release of the sample, but Sophos did not want to sign an agreement, Cluley said. Sophos has had concerns in the past over white papers containing virus source code that were published by MARA members, he said. Further, it is customary for antivirus vendors to securely send each other malware samples within a few hours, Cluley said.

MARA said that the virus would be available to antivirus companies and security experts "who qualify for MARA membership, which is free." Several have applied, Peikari wrote, but "a small number have arrogantly said, 'We're the experts, not you, so hand it over right now.'"

"Some of them have even tried to bully individual members into bypassing the proper protocol," Peikari wrote. "That is unfortunate, since it would be illegal to distribute malware without a signed agreement in place."

MARA can be flexible on its membership agreements, and companies could propose their own terms, Peikari wrote.

MARA, formed in 2005, describes itself as a "vendor-neutral group" dedicated to prevent the spread of malicious code. According to its code of conduct, MARA members are not supposed to exchange viruses except for research and not engage in computer crime, among several other rules.

MARA would provide Microsoft a copy of the virus if the company requests it, Peikari wrote.

If verified, the virus could mark the start of a new dangers for mobile devices, whose increasingly complex operating systems can be vulnerable to malware.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Compare & Save

Deals powered by WhistleOut
WhistleOut

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?