Everyone has heard of PC viruses and nowadays everyone knows that there are viruses that attack mobile platforms but did you know that there are viruses capable of infecting different operating systems at the same time? They are luckily rare but proof of concept has now been established.
Multiplatform Infectors are also referred to as hybrids. As is the case in nature, these cross species offspring are relatively rare and are usually unable to reproduce successfully but they prove the point that it can be done.
In the same manner, malware authors have also managed to create viruses that potentially can cross the barriers set by platform designers to infect at once a mobile phone and a PC.
The dominant mobile platform, Symbian is the target of most mobile viruses and now it also the target of a trojan called Cardtrap, all variants of which disable several of Symbian's built in applications, try to damage several 3rd party applications and install a Windows worm, Win32/Padobot.Z to the phone's memory card. If the card is then inserted into a PC using Windows it tries to execute Padobot.Z. While this was unsuccessful in Windows XP SP2 and Windows 2000, the virus payload's autorun feature might well work with some Windows installations.
Other variants. Cardtrap.S, Cardtrap.T and Cardtrap.U have another nasty trick up their collective sleeves; these install a damaged font file from Fontal.A, which crashes the device when rebooted meaning a complete reflash for your phone and the loss of your valuable data.
As is the case with other malware, The Cardtrap.A variant disables the system's application manager to prevent it's uninstallation but fortunately it does not prevent installation of antivirus software. F-Secure Mobile Anti-Virus can detect and disinfect the files Cardtrap.A uses to disable the phone and successfully cut the potential route of infection to the user's PC.
And Windows too...
The Windows mobile platform is another tempting target for the malware community and unsurprisingly, there is also a multiplatform infector for Windows mobile devices too. MSIL/Cxover.A is a proof-of-concept virus written in Microsoft .NET's Microsoft Intermediate Language (MSIL) that can affect both PCs using Windows OS with .NET runtime installed and Windows Mobile handheld devices supporting .NET.
Cxover.A infects devices via Microsoft's ActiveSync protocol. If the Cxover.A binary is executed on a Windows Mobile device, it looks for the PC over the ActiveSync connection and copies itself to the PC so that it will start automatically at next boot.
If Cxover.A is executed on a Windows PC it will search for any PocketPC handheld devices connected over ActiveSync and copy itself there. This represents the true threat of this virus since the .NET is very popular in the Windows world. Fortunately, this virus is also detectable with F-Secure Anti-Virus but knowing the malware community, there will be attempts to upgrade the havoc with new variants of this virus. Keep watching this space.
And then Linux
And just when you thought it was safe to go back in the water, the malware community, always happy to ruin the typical computer user's day, have also created a multiplatform infector between Windows 32 and Linux operating systems. Once again, it's a proof of concept virus called Virus.Linux.Bi.a/ Virus.Win32.Bi.a thanks to its ability to infect two platforms.
While the virus has a limited payload, being able to only infects files in the current directory, its potential to infect files in the different formats used by Linux and Windows--ELF and PE, respectively is clear evidence that one day, virus writers will be able to take the code and run further with it. Users of Windows and Linux beware!
Author: Mark Woods, Corporate Communicator
Begin | 
Back
