US-CERT: WinCE/InfoJack Trojan

Hmm… US-CERT has an advisory about a Windows CE Trojan. Here’s the list of things it is said to do on a Windows CE device:

  • spreads via seemingly legitimate application installation files
  • installs as an autorun program on the memory card
  • installs itself to the device when an infected memory card is inserted
  • protects itself from deletion by copying itself back to disk
  • replaces the browser’s homepage
  • allows unsigned applications to install without warning

The US-CERT alert does not name it. However, BetaNews says it is called WinCE/InfoJack Trojan and provides its history.