SAN JOSE, Calif.-An e-mail Trojan targeting Research In Motion Ltd. BlackBerry users has been developed and, according to its inventor, will be released into “the wild”-that is, launched in public, not just circulated among hackers-this week. That news has led to new, generic advisories from RIM on securing BlackBerry servers and devices, and free advice from anti-virus company Secure Computing Corp.
According to Secure Computing, organizations that have installed their BlackBerry server behind their security gateway may be prone to data theft or the installation of malware. In news accounts, Scott Totzke, RIM’s director of global security, said that although the Trojan developed by a hacker appears to be the first aimed at the BlackBerry, RIM doesn’t view it as a major threat to its customers.
Jesse D’Aguanno, developer of the malicious program he dubbed BBProxy, presented a paper on it Aug. 5 at a hacker conference in Las Vegas and suggested that his program could be e-mailed to BlackBerry users disguised as a game of Tic-Tac-Toe.
For BBProxy to represent a security threat, however, users must be tricked into downloading the application. Secure Computing said that, once installed, BBProxy opens a back channel that bypasses an organization’s gateway security mechanisms, such as encryption, between a would-be hacker and the inside of the organization’s network. The hacker could use this back channel to steal data or install malware.
