The problem of mobile malware is intensifying by the day. In 2005 there was a steady trickle of Trojans designed to infect mobile devices running Symbian; by the end of the year, the trickle had transformed into a stream. Currently, Kaspersky Lab virus analysts add up to 10 new Trojans for smartphones to the antivirus databases every week. A significant number of these are Trojans written in Asian, specifically South Korea. This country is effectively the leader in producing viruses for mobile phones.

Mobile technologies are continuing to evolve, and, naturally enough, malicious code is also evolving at a considerable rate.

February brought 2 totally new malicious programs. The first of these was discovered by Kaspersky Lab, when a user contacted the company with information that a large number of sites for mobile phone users were spreading a program named RedBrowser. According to the program’s authors, RedBrowser made it possible for a user to access wap sites without an Internet connection. This could be achieved by sending and receiving SMSs which would contain the site’s code.

All the user needed to do was to download the program to his/ her mobile phone. Once done, it was clear that the program did indeed send SMSs. However, this didn’t enable the user to connect to the Internet – the messages were sent to premium rate numbers at a cost of $5-6 per SMS.

Analysis showed the Trojan to be a JAR file created for J2ME, an operating system used by the majority (not just smartphones) of modern handsets. Until recently, it seemed impossible that a program could be created that would infect most handsets; however, RedBrowser changed this. It had clearly been in the wild for some time, and had claimed victims. The Trojan was named Trojan-SMS.J2ME.RedBrowser.a, and shortly after the first variant appeared, a second variant was detected.

The appearance of a malicious program for J2ME is on a level with the appearance of the first worm for smartphones in 2004. It’s still difficult to gauge the exact impact of the potential threat; however, the fact that standard handsets can be infected means that antivirus companies will have to start working on antivirus solutions for these devices. There is also the possibility that similar Trojans, which send SMSs to premium rate numbers, will appear for Symbian smartphones.

The number of smartphones and PDAs using Windows Mobile is continuing to grow. Until recently, we knew of only two malicious programs for Windows Mobile/ Pocket PC – Duts, a virus, and Brador, a backdoor. However, the ranks swelled in February 2006.

The whole story started when an organization called MARA (Mobile Antivirus Researchers Association) issued a press release announcing that a virus had been received from an anonymous author. This proof of concept code was allegedly able to infect both PCs running Windows and handsets running Windows Mobile. The press release received a great deal of attention both from the mass media and the antivirus industry due to the fact that viruses for Windows Mobile are rare, and that the malicious program was a fully functional cross platform virus.

Naturally enough, both the media and antivirus companies contacted MARA requesting a sample for analysis, so that detection for the virus could be added to antivirus databases. However, all requests were met with the same response: it would be necessary to join MARA, as the organization’s rule prohibited exchanging samples with non-members.

This was an unexpected moved. From the moment of its birth, the antivirus industry has had certain rules, which include the regular exchange of samples with other companies. This is done without a company having to be a member of another organization. And when the virus under discussion is a proof of concept virus, companies share samples as quickly as possible to ensure that the maximum number of users are protected, regardless of which antivirus solution they favour. This co-operation is standard; antivirus companies compete against each other only in terms of marketing and services.

Not surprisingly, antivirus companies refused to join this little known organization – why give such a group publicity and credibility for the sake of a single virus? There were also doubts about some of the members of the organization; it seemed to have approximately 10 members, most of who were unknown to the antivirus industry, and there was no way to contact them. The best known member of the organization was Dr. Cyrus Peikari, the author of books on security and the general director of AirScanner, a small company which develops antivirus solutions for mobile phones. Peikari became known when he published the source code of WinCE.Duts, accompanied by an analytical article, which essentially acted as a guide to writing viruses for Windows Mobile. The most disturbing fact was that the article had been co-authored by Ratter, a member of the 29A group of virus writers. It had been Ratter that coded Duts, and who gave the virus source code to Peikari.

The antivirus industry took a dim view of the fact that Peikari had been working with virus writers, and his reputation and the reputation of AirScanner itself was blotted.

Questions about the crossplatform virus, named Crossover by MARA continued to arise. It was unclear why antivirus companies should have to join MARA in order to receive a sample, and disturbing that Peikari was working in conjunction with a known virus writers. It was also unclear why the virus had been sent to a MARA member (who was not named) rather than to an antivirus company, which is what normally happens with proof of concept viruses.

The antivirus industry decided to stop communicating with MARA. On 8th March 2006, Cyrus Peikari published a detailed analysis of Crossover, including code. This essentially amounted to another tutorial in writing viruses for Windows Mobile. No co-author was cited, and at the same time, the member list was removed from the MARA site.

Eventually, antivirus companies managed to get their hands on a sample of the virus, and it was named Cxover.

When launched, the virus scans the operating system and if it is launched on a PC, it uses ActiveSync to search for mobile devices. The virus then copies itself to accessible devices via ActiveSync. Once the virus has penetrated the telephone or PDA, it attempts to copy itself back to the PC. It is also able to delete user files from the mobile device.

Cxover shows that it is possible to create a virus which will function both on personal computers and mobile devices. The source code has been published. What will happen now remains to be seen. But one thing is clear – such viruses are no longer a matter of theory. Welcome to the future.

After you have downloaded and installed the Windows Live Messenger, you will realize that you cannot sign in it!

Now, we need to use a "downgrader" to bypass it. Download and install MSNP13 Downgrader from the A-Patch website.

Then, launch Windows Explorer and navigate to C:\Program Files\MSN Messenger. See the "MSNlaunch" icon? Double-click it to launch MSNP13 downgrader and Windows Live Messenger at the same time.

The MSNP13 downgrader will bypass the Windows Live Messenger beta tester check and sign you into the MSN instant messenger network. You're done!

Note: Since you need to run MSNlaunch to launch Windows Live Messenger, I recommend you put a shortcut icon on desktop for easy access.