Virus Leaps to Wireless

The Mobile Antivirus Researchers Association (MARA), a membership organization dedicated to mobile data security, says it has uncovered the first virus with the capability of leaping from a PC to a handheld device. Called "Crossover," the Trojan horse virus can spread from a Win32 desktop machine to a Windows Mobile Pocket PC handheld.

"Crossover is the first malware to be able to infect both a Windows desktop computer as well as a PDA running Windows Mobile for Pocket PC," MARA said in a statement yesterday. "It was sent to MARA anonymously."

The release of Crossover caused consternation among enterprise IT managers, and the advent of PC-to-mobile-device viruses could delay the deployment of wireless technologies.

"I suspect that here in the next several years the wireless spread of viruses is going to become more prominent than what we're used to," says Randy Maib, senior IT consultant at Integris Health Inc., an Oklahoma City-based healthcare organization with 10 hospitals and around 6,250 wireless users. "If it becomes such a risk factor that we can't do business over that medium without compromising security, we'll shut it off."

The MARA announcement has also fueled aggravation among some security companies that have not yet seen the virus.

It's customary for security researchers to share the software code for new viruses and other threats. But antivirus software maker Sophos plc has complained in news reports about the virus that MARA is requiring it to sign a membership agreement before sharing the Crossover code.

"Sophos and the rest of the big AV companies are welcome to have a sample if a representative from their company joins our organization," says Jonathan Read, product manager for mobile security company Airscanner, who is acting as a spokesman for MARA. "Our research group follows strict protocols, and ethically we cannot distribute malware code to non-members. Membership is not hard to obtain and it's free."

Crossover, says MARA, is a "proof-of-concept virus" that demonstrates, for the first time, how viruses can make the leap from desktop computers to the wireless world.

It works by becoming aware of what type of operating system is on the infected machine, then waiting until it detects a connection to a portable device over Microsoft's ActiveSynch software. It can then jump to the handheld. Once running on a portable OS, Crossover erases all the files in the "My Documents" folder and copies itself to the startup folder.

Because the virus duplicates itself each time the computer is rebooted, it can theoretically create multiple copies and degrade the performance of the infected device.

"With the growing use of handheld devices this type of virus may become very prevalent in the future," says Read in an email. "For viruses to be more effective they need to spread across a wider range of devices including wireless devices."

The discovery of Crossover coincides with reports of a another Trojan horse virus, called Redbrowser.a, that can infect smartphones, PDAs, or cellphones running Java 2 Micro Edition. Such multiplatform threats are particularly dangerous for enterprises when employees transport company data on portable devices and download it to less secure computers at home.

"Information technology professionals need to become aware of the security implications that mobile devices pose," notes Read. "Multiplatform code mixed with profit-hungry malware authors equals disaster."

— Richard Martin, Senior Editor, Unstrung