A mystery is deepening around a report about the emergence of a virus that can pass from a PC to a mobile device, with some anti-virus vendors saying they have not seen the code to confirm it.
TheMobile Antivirus Researchers Association (MARA)) said it had anonymously received the code, named "Crossover." Microsoft, whose software the virus reportedly affects, said that it was investigating the reports but had not heard of any customer complaints.
Anti-virus vendors said they would update their software to detect and remove the virus if they were allowed to analyse it. While vendors typically send virus samples to each other to update their products, MARA has not been forthcoming with a sample, said Graham Cluley, senior technology consultant for Sophos.
At the moment, the anti-virus community only has MARA's word that the virus exists, Cluley said.
"We would still love to see a sample of this and determine if this is a potential threat to our customers," Cluley said. "It's a little bit disappointing that they are not sharing the sample."
The virus, MARA said, is the first one engineered to infect a Microsoft Windows desktop computer and then pass to a mobile device running the Windows CE or Mobile software, subsequently erasing files.
So far, the code remains proof-of-concept, a tag given to viruses that are created to illustrate how a vulnerability can be exploited but which are not generally released on the Internet.
But once the code is publicly released, malicious hackers may alter it. The aim is for the virus to spread rapidly before anti-virus software is updated to detect and remove the malware.
The Crossover virus copies itself in the registry of a desktop computer. It waits for a mobile device to synchronise its data with a desktop machine using Microsoft's ActiveSync program, according to MARA's posting. The virus then erases files in the My Documents directory on the device.
Mikko Hypponen, chief research officer at F-Secure, said the security company can update its software to detect the virus within a couple of hours of having a sample. But the company has not seen the virus, he said.
Sophos contacted MARA by e-mail to request the virus. MARA responded with an e-mail attaching legal conditions to the release of the sample, but Sophos did not want to sign an agreement, Cluley said. Sophos has had concerns over white papers MARA has published that contained virus source code, he said. Further, it is customary for anti-virus vendors to securely send each other malware samples within a few hours, Cluley said.
MARA said that the virus would be available to anti-virus companies and security experts "who qualify for MARA membership, which is free." The terms of the membership are unclear from MARA's website, and representatives of the group could not be immediately contacted.
MARA, formed in 2005, describes itself as a "vendor-neutral group" dedicated to prevent the spread of malicious code. According to its code of conduct, MARA members are not supposed to exchange viruses except for research and not engage in computer crime, among several other rules.
If verified, the virus could mark the start of a new dangers for mobile devices, whose increasingly complex operating systems can be vulnerable to malware.