New mobile virus goes 'old school'

By

A new virus is relying on some old tricks to infect Windows Mobile users. The so-called 'companion virus' attack uses a method of assuming the identity of an existing file and moving the old file to a different location.

New mobile virus goes 'old school'
The virus then runs itself when the original file is called, often loading the displaced file after the virus code has been executed.

When researchers at McAfee first examined the virus, they were surprised to find that such an infection technique was still in use.

"This was a bit odd since companion viruses used to be more popular in the days of DOS and we haven't seen too many on newer platforms," wrote McAfee researcher Jimmy Shah in a blog posting.

Other elements of the virus are quite modern. The code itself is encrypted and polymorphic, allowing the virus to rewrite its own code to avoid detection by security software.

Viruses and malware for mobile devices is a small but emerging field. A recent report from F-Secure estimated that there are some 400 mobile viruses currently in circulation, and that many pose significant risks for data and identity theft.

Shah noted that it is not only the infection technique of this latest virus that harks back to the old days of malware creation. The methods behind its creation may also be from a bygone era.

"The appearance of this new virus for Windows Mobile phones may mark a change from for-profit Trojans and spyware to the more experimental form of viruses," he wrote.

"Or maybe Windows CE malware authors are just tired of other mobile platforms getting all the attention."
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:

Most Read Articles

Qantas obtains court order to prevent third-party access to stolen data

Qantas obtains court order to prevent third-party access to stolen data

Cloudflare makes changes to avoid repeat of 1.1.1.1 DNS outage

Cloudflare makes changes to avoid repeat of 1.1.1.1 DNS outage

ACSC alerts to exploited MS SharePoint remote code execution flaw

ACSC alerts to exploited MS SharePoint remote code execution flaw

CBA using facial recognition logins to verify disputed payments

CBA using facial recognition logins to verify disputed payments

Log In

  |  Forgot your password?