[ml] Reverse-Engineering the First Pocket PC Trojan

Reverse-Engineering the First Pocket PC Trojan

"Avventura" e analisi del malware.. (è la prima parte dell'articolo)

"A few words about viruses for WinCE. Until now, there have allegedly
been no publicly released viruses for WinCE. This situation seemed to
me to be incomprehensible, first that there are no publicly released
viruses, and second that the virus would write itself into all the
files of the current directory. [We can only guess what this means,
but WinCE4.Dust—the first Windows CE virus—only infects files in the
root directory, regardless of where it's launched. This is due to the
way the filesystem is set up in Windows CE.] To me, it was a chance to
become famous in the field, but then I suddenly and randomly visited
pocketnow.com, where it was revealed that today (!) [July 19, 2004],
the first Pocket PC virus was created (by a fellow of 29A). On Yahoo
on Demand, the Windows CE virus had five references to this remarkable
case (although only yesterday there was not one on the theme!). I will
not be surprised if this will be on all the news in a week. Well, that
sucks—my only chance to become famous is forever missed.... The virus,
by the way, is sufficiently inoffensive, and even asks the user if it
is possible to play pranks on the system. However, I think a Trojan
will produce a much larger effect..."


Insomma, buona lettura :))


http://www.informit.com/articles/article.asp?p=340544&seqNum=1