The past couple of years taught us the Lilliputian world of PDAs and smartphones is no longer immune to malicious attack. That's because proof-of-concept virus writers and the not so ostensibly noble have let loose a variety of mobile malware for smartphones.

An organization called the Mobile Antivirus Researchers Association (MARA) has anonymously received a new Trojan - dubbed crossover - presumably from a member of the former camp. MARA formed in 2005 to help stop the spread of malicious code as well as foster professional relationships amongst anti-virus researchers.

MARA says the new Trojan can cross-infect a Microsoft-based smartphone or PDA from a binary on a Win32 desktop machine.

Airscanner (mobile security company) product manager and MARA member Jonathan Read explained to SmartPhoneToday in an e-mail, "Crossover viruses have been discussed before in relation to Symbian devices but these where not automatic and infected the phone first then the desktop PC. Some even had to be physically installed from the device to the desktop computer by removing the memory card from one and putting it in the other."

"The crossover virus we have discovered is the first real virus that crosses over using the same executable to infect the Pocket PC mobile device," he added.

When the crossover virus finds itself on a machine that isn't Windows CE or Windows Mobile, it waits for an ActiveSync synchronization from a device running one those operating systems.

The virus can hang on as long as it takes—replicating itself on the host system with each reboot; so much so, it could theoretically degrade or bring to an end PC performance altogether.

Once the virus detects an ActiveSync, it copies itself over to the PDA or smartphone, executes and starts running.

Crossover erases the contents of the victim-handheld's My Documents folder, after which it gets copied into the Pocket PC's Windows directory and creates shortcuts in startup. Multiple copies of the virus can then theoretically run on startup, with the same ability to copy itself like it did on the desktop.

According to Read, "This new crossover Trojan is literally a new era of malware that uses the same code to infect a desktop computer then secretly infect a Pocket PC device. It definitely redefines the way we need to think about mobile device security."

"If a destructive payload was added to this malware and it was released in the wild it could definitely do some damage. It wouldn't take long before someone figured a way to make it into a worm; there are enough exploitable vulnerabilities on both the Pocket PC and Desktop PC to easily allow this, he continued"

2006 Worse Than 2005
MARA's announcement dovetails with McAfee AVERT Labs forecast for this year, which included a huge increase in mobile threats; up to about 726 from 226 from 2005.

McAfee predicted that the damage caused by new mobile threats is likely to be more extensive than those caused by today's PC threats because of the large volume of smartphones and the small percentage that are protected by mobile security.

For example, in 2004, the 'I Love You' virus penetrated tens of millions of PCs in just a couple of hours despite the fact that half of all PCs had Internet security software installed. By comparison, a mobile threat targeting several operating systems could infect up to 200 million connected smartphones simultaneously because the majority of these devices don't include anti-virus protection.

Since its inception, mobile malware has grown almost ten times faster than PC malware over a comparable period. Yet consumers are also less likely to install mobile security versus PC security because the perceived risk from mobile threats is much less.

McAfee says creators of mobile malware have learned from PC hackers and virus writers to create sophisticated threats, invisible to the consumer, that provide them with financial gain. McAfee asserts this could result in instantly mature mobile threats that devastate networks and consumer data with little fanfare or warning.

At 3GSM McAfee introduced a comprehensive solution to start protecting smartphone users.