The virus then runs itself when the original file is called, often loading the displaced file after the virus code has been executed.
When researchers at McAfee first examined the virus, they were surprised to find that such an infection technique was still in use.
"This was a bit odd since companion viruses used to be more popular in the days of DOS and we haven't seen too many on newer platforms," wrote McAfee researcher Jimmy Shah in a blog posting.
Other elements of the virus are quite modern. The code itself is encrypted and polymorphic, allowing the virus to rewrite its own code to avoid detection by security software.
Viruses and malware for mobile devices is a small but emerging field. A recent report from F-Secure estimated that there are some 400 mobile viruses currently in circulation, and that many pose significant risks for data and identity theft.
Shah noted that it is not only the infection technique of this latest virus that harks back to the old days of malware creation. The methods behind its creation may also be from a bygone era.
"The appearance of this new virus for Windows Mobile phones may mark a change from for-profit Trojans and spyware to the more experimental form of viruses," he wrote.
"Or maybe Windows CE malware authors are just tired of other mobile platforms getting all the attention."
New mobile virus goes 'old school'
By
Shaun Nichols
on Nov 17, 2008 6:49AM
