This Trojan is a proof-of-concept for Windows CE handheld devices. The Trojan is 5,632 bytes in size and was written in assembly language for ARM processors.
The Trojan contains instructions to send a short note in this format -
The note is sent as a notification message that the handheld device is compromised, and it mentions the IP address of the handheld device.
The Trojan binds to TCP port 2989 and awaits instructions from a malicious user.
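As an added example (not part of the original description), the following Python sketch shows one way to spot a host with a service bound to TCP port 2989 from packet records. The tcpdump-like log format, the sample lines and the function name `find_listeners` are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

BACKDOOR_PORT = 2989  # TCP port the Trojan binds to, per the description above

# Constructed sample records in a simplified tcpdump-like form (assumed format):
# <time> <src_ip>.<src_port> > <dst_ip>.<dst_port> Flags [<flags>]
SAMPLE_LOG = """\
10:00:01 192.0.2.50.40112 > 10.1.1.23.2989 Flags [S]
10:00:01 10.1.1.23.2989 > 192.0.2.50.40112 Flags [S.]
10:00:01 192.0.2.50.40112 > 10.1.1.23.2989 Flags [.]
10:02:10 10.1.1.77.2989 > 198.51.100.9.80 Flags [S]
10:02:10 198.51.100.9.80 > 10.1.1.77.2989 Flags [S.]
10:03:30 192.0.2.50.40200 > 10.1.1.40.2989 Flags [S]
10:03:30 10.1.1.40.2989 > 192.0.2.50.40200 Flags [R.]
"""

LINE_RE = re.compile(
    r"^(\S+) (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+) Flags \[([A-Z.]+)\]$"
)


def find_listeners(log_text, port=BACKDOOR_PORT):
    """Return {listener_ip: sorted peers} for hosts that answered a connection
    attempt on `port` with SYN-ACK, i.e. have a service bound to that port."""
    listeners = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the assumed format
        _time, src, sport, dst, _dport, flags = m.groups()
        # "S." is SYN+ACK, which only the listening side sends. Requiring it on
        # the source port avoids flagging a client that merely used 2989 as an
        # ephemeral port (10.1.1.77) or a host that refused with RST (10.1.1.40).
        if flags == "S." and int(sport) == port:
            listeners[src].add(dst)
    return {ip: sorted(peers) for ip, peers in listeners.items()}


if __name__ == "__main__":
    for ip, peers in find_listeners(SAMPLE_LOG).items():
        print(f"{ip} accepts connections on TCP {BACKDOOR_PORT}; peers: {', '.join(peers)}")
```

A hit only shows that something is listening on the port; confirm on the device itself, for example by checking the startup folder for an unexpected file.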
Loading at Windows Startup
When the Trojan is run on a Windows CE handheld device, it may copy itself to the folder 'c:\windows\startup\'. Any file placed in this folder is run automatically.
- Check the main screen of the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system. If required, enable the "Allow Push Update" option.