Anti-virus researchers complained Wednesday that a group claiming to have proof of the first PC-to-mobile Trojan hasn't shared the sample, a normal practice among security investigators.
Monday, the Mobile Antivirus Researchers Association (MARA), which bills itself as a non-commercial collection of mobile malware researchers, said it had anonymously received malicious code it dubbed "Crossover." The sample, said MARA, could cross-infect a Windows Mobile Pocket PC from a desktop PC running Windows.
According to MARA, the first-of-its-kind Trojan spreads to the mobile device via Microsoft's ActiveSync, then erases all files in the My Documents directory of the Windows CE- or Windows Mobile-based gizmo.
But unlike the usual practice where virus researchers share samples, MARA's not willing to let others see the code, no-strings-attached, say some commercial researchers. They're left without a way to confirm Crossover's existence or MARA's claims, or update their own signatures to defend against the attacker.
"You have to join MARA to get a sample," said Graham Cluley, senior technology consultant with U.K.-based security company Sophos. "They'll share only with members of their club."