I've been demoing Nod32 Antivirus software for my XP desktop. It updates several times a day and sends a little balloon message indicating the latest update. I clicked over just to see what the latest update contained and noticed a new Windows Mobile Worm has been snagged in the wild.
It requires .NET to be installed and looks like it's spread mainly by a desktop computer. So update your definitions.
Aliases: Xrove-A (Sophos), CXOver.A (Panda)
Type: .NET Worm
Affect: 32 Bit Windows and WindowsCE/Windows Mobile Devices
Installation and Autostart Techniques on the Desktop
Upon execution on a Windows Desktop System the worm copies itself into the C:\Windows folder, using a randomly generated filename. This path is hardcoded in the worm executable.
The worm adds the following registry key to the registry to make sure that it runs every time Windows is started:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
The worm recognizes ActiveSync Connections (Via USB-Cable or Bluetooth) to this machine.
If successfully detected, the worm tries to copy itself on the mobile device under “\Windows\” with the same random name. After this it executes the worm executable on the mobile device to activate the worm there.
Once activated on the mobile device, the worm tries to delete all files in the “\My Documents” folder recursively...
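A defender-side check for the desktop persistence described above, as an added example that is not part of the original post or the vendor description: it scans the text output of `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run` for autostart values that launch an executable sitting directly in C:\Windows. The allowlist, the function names and the sample entries (including the random-looking filenames) are assumptions constructed for illustration.

```python
import ntpath
import re

WINDOWS_DIR = r"c:\windows"  # the write-up says this path is hardcoded in the worm
# Assumption: programs expected directly in C:\Windows; adjust to the local baseline.
ALLOWLIST = {"explorer.exe", "regedit.exe", "notepad.exe", "hh.exe"}

ENTRY = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_\w+)\s+(?P<data>.*)$")
ENVVAR = re.compile(r"%(windir|systemroot)%", re.IGNORECASE)

def executable_of(command):
    """Return the normalised program path from a Run-value command line."""
    command = ENVVAR.sub(lambda m: WINDOWS_DIR, command.strip())
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]           # quoted path, may contain spaces
    else:
        m = re.match(r"(.+?\.exe)(?=\s|$)", command, re.IGNORECASE)
        path = m.group(1) if m else command.split(" ", 1)[0]
    # normpath collapses "..", normcase lowercases and unifies separators
    return ntpath.normcase(ntpath.normpath(path))

def suspicious_run_entries(reg_query_output):
    """List (value name, program) pairs that start an .exe from C:\\Windows itself."""
    hits = []
    for line in reg_query_output.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue                                  # key header or blank line
        exe = executable_of(m.group("data"))
        folder, filename = ntpath.split(exe)
        if folder == WINDOWS_DIR and filename.endswith(".exe") \
                and filename not in ALLOWLIST:
            hits.append((m.group("name"), exe))
    return hits

# Constructed sample output; none of these entries come from a real infection.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    NvCplDaemon    REG_SZ    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    Vendor Tray    REG_SZ    "C:\Program Files\Vendor\tray.exe" /min
    qzkvtpxa    REG_SZ    C:\WINDOWS\qzkvtpxa.exe
    hwmdrlfy    REG_EXPAND_SZ    %SystemRoot%\hwmdrlfy.exe
"""

if __name__ == "__main__":
    for name, exe in suspicious_run_entries(SAMPLE):
        print(f"review Run value {name!r}: {exe}")
```

A hit is a lead for review rather than a verdict, since some legitimate software also installs into the Windows root.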