Kaspersky Labs has detected Backdoor.WinCE.Brador.a, the first backdoor for PDAs running Pocket PC (based on Windows CE). Brador is a classic Trojan backdoor program: it opens the infected machine for remote administration. Brador is 5632 bytes in size and it infects handhelds running Pocket PC. After the backdoor is launched, it creates the svchost.exe file in the Windows autorun folder, which lets it retain full control over the system every time the handheld is turned on. Brador then identifies the machine's IP address and sends it to the author, informing him that the handheld is on the Internet and the backdoor is active. Finally, Brador opens port 44299 and awaits further commands.
Brador was created to give its author full control over the infected PDA through the port that the Trojan opens. Brador is programmed to upload and download files and execute a series of further commands. Like all backdoors, Brador cannot spread by itself: it can only arrive as an email attachment, be downloaded from the Internet or be uploaded along with other data from a desktop.
"We were certain that a viable malicious program for PDAs would appear soon after the first proof-of-concept viruses emerged for mobile phones and Windows Mobile," commented Eugene Kaspersky, Head of Anti-Virus Research at Kaspersky Labs. "WinCE.Brador.a is a full-scale malicious program ready to go: unlike proof-of-concept malware, Brador has a complete set of destructive functions typical for backdoors."
News source: Kaspersky Labs