MobileRead Forums - View Single Post - WinCE.Brador.a

Colin Dunstan · 08-07-2004, 08:21 AM

According to Eugene Kaspersky, head of antivirus research at Kaspersky Labs, WinCE.Brador.a is a full-scale malicious program ready to go: unlike proof-of-concept malware, Brador has a complete set of destructive functions typical for backdoors.

The Backdoor.WinCE.Brador.a Trojan installs as a 5632 byte program on the PDA, and can be used to gain complete control of file uploads and downloads. The virus cannot spread by itself. Instead it can only arrive as an email attachment, as a download from the internet or as an upload along with other data from a desktop. Once activated it creates a file called svchost.exe in the Autorun directory and sends the computer's IP address to the Trojan controller. It then opens port 44299 and listens for instructions.

08-07-2004, 08:21 AM	#1
Colin Dunstan Is papyrophobic! Posts: 1,926 Karma: 1009999 Join Date: Aug 2003 Location: USA Device: Dell Axim	WinCE.Brador.a - first malicious PPC Trojan According to Eugene Kaspersky, head of antivirus research at Kaspersky Labs, WinCE.Brador.a is a full-scale malicious program ready to go: unlike proof-of-concept malware, Brador has a complete set of destructive functions typical for backdoors. The Backdoor.WinCE.Brador.a Trojan installs as a 5632 byte program on the PDA, and can be used to gain complete control of file uploads and downloads. The virus cannot spread by itself. Instead it can only arrive as an email attachment, as a download from the internet or as an upload along with other data from a desktop. Once activated it creates a file called svchost.exe in the Autorun directory and sends the computer's IP address to the Trojan controller. It then opens port 44299 and listens for instructions.