A new virus is relying on some old tricks to infect Windows Mobile users. Its attack uses an old method of assuming the identity of an existing file and moving the old file to a different location. The virus then runs itself when the original file is called, often loading the displaced file after the virus code has been executed.

When researchers at McAfee first examined the virus, they were surprised to find that such an infection technique was still in use. Other elements of the virus are quite modern. The code itself is encrypted and polymorphic, allowing the virus to re-write its own code to avoid detection by security software.

Viruses and malware for mobile devices is a small, but still emerging field. A recent report from F-Secure estimated that there are some 400 mobile viruses currently in circulation, and that many pose significant risks for data and identity theft.

According to Jimmy Shah (McAfee) "The appearance of this new for Windows Mobile phones may mark a change from for-profit trojans and spyware to the more experimental form of viruses. Or maybe WinCE malware authors are just tired of other mobile platforms getting all the attention."


Source: vnunet