Hacker creates malicious Pocket PC Trojan

A virus that can allow hackers to take over PDAs running Microsoft's Pocket PC operating system has been created, antivirus company Kaspersky Labs has warned.

The Trojan is thought to be the work of a Russian hacker who is trying to sell it for use by spammers or hacking groups. It affects all versions of Pocket PC.

"WinCE.Brador.a is a full-scale malicious program ready to go: unlike proof-of-concept malware, Brador has a complete set of destructive functions typical for backdoors," said Eugene Kaspersky, head of antivirus research at Kaspersky Labs, in a statement.

"We were certain that a viable malicious program for PDAs would appear soon after the first proof-of-concept viruses emerged for mobile phones and Windows Mobile."

The Backdoor.WinCE.Brador.a Trojan installs as a 5632 byte program on the PDA, and can be used to gain complete control of file uploads and downloads.

The virus cannot spread by itself. Instead it can only arrive as an email attachment, as a download from the internet or as an upload along with other data from a desktop.

Once activated it creates a file called svchost.exe in the Autorun directory and sends the computer's IP address to the Trojan controller. It then opens port 44299 and listens for instructions.

Last month another proof-of-concept virus for the Pocket PC, W32/Duts-A, was written by 29a, a Russian hacking group. But this contained no payload.