Trojan Lurking for Pocket PCs

A backdoor Trojan horse program dubbed Backdoor.Bardor.a has been spotted positioning itself to take control of the Windows CE operating systems of Pocket PCs, security experts said Thursday.

Backdoor.Bardor.a's threat level is low, but the scenario the Trojan sets the stage for is quite sophisticated, according to security vendor Symantec, Cupertino, Calif.

If a user is tricked by the Trojan's file name and opens or executes the attachment, Backdoor.Bardor.a "allows full control of the handheld system when it is restarted. When the infected handheld is connected to the Internet, the backdoor sends the attacker the IP address of the handheld device. It then opens port 44299 and waits for further instructions from the attacker," according to a Symantec security alert.

Backdoor.Bardor.a gives an attacker so much control of a device, including the ability to install other applications, that Symantec recommends that infected systems have their operating systems completely reinstalled. Files with the name /Windows/StartUp/svchost.exe should also be deleted.

The Trojan only affects Pocket PCs powered by ARM processors, according to Symantec. Devices running XScale chips appear to be immune.

Symantec has classified Backdoor.Bardor.a as the first Windows CE (Pocket PC) backdoor Trojan. In June, one of the first viruses to affect cell phones arrived in the form of a worm called Cabir.