Home > Articles > Security > Network Security

Analyzing the Crossover Virus: The First PC to Windows Handheld Cross-infector

  • Print
  • + Share This
  • 💬 Discuss
"Airborne" mobile viruses have been increasing in complexity at a surprising pace. For example, there have already been blended Trojan and virus threats that can spread through Smartphones using multiple wireless protocols. This could be problematic, as current mobile devices cannot support sophisticated antivirus software on current platforms. In this article, Cyrus Peikari analyzes the new Crossover Trojan, which is the first malware that simultaneously infects both Windows PCs and Windows Mobile handheld devices.

Less than two years ago, the very first Pocket PC virus to appear (Dust) was incredibly complex. It achieved a technological breakthrough roughly equivalent to the Win32 Chernobyl virus, which was the first PC-based virus to break into the protected "Ring 0" of the Windows operating system.

Moreover, within a year after Dust's release, we saw numerous "blended" threats. For example, virus writers developed anti-antivirus trojans and have even combined these with the Bluetooth-spreading capability of the Carib (Cabir) virus. So in the space of one year, we saw a viral evolution equivalent to what took 20 years on desktop PCs.

One problem with this rapid evolution of threats is the fact that mobile devices can't support sophisticated antivirus software on current platforms. To give one example, embedded operating systems don't use "interrupts" (system calls to the kernel), so a heuristic virus scanner on the PDA or Smartphone can't hook a specific interrupt that it might otherwise suspect is a virus.

  • + Share This
  • 🔖 Save To Your Account

Discussions

comments powered by Disqus