The debut of the Crossover virus is significant because it highlights the malware community?s increased interest in creating viruses that target mobile devices. Crossover is not the first virus that was designed to jump between mobile devices and desktop computers. In September 2005, security firm F-Security discovered the Cardtrp worm, marking one of the first cases of virus “cross-sharing” between the two devices. Cardtrp targeted mobile devices with the Symbian operating system. If the mobile device had a memory card, the virus would send the Window Wukill virus onto the card. When the infected memory card was inserted into a PC, the Wukill virus would attempt to mask itself as a legitimate file in hopes that the user would attempt to open the file. If the user opened the infected Cardtrp file, the virus will open a backdoor on the infected PC.
By comparison the Crossover virus checks what type of machine it is running on. If a PC is running Windows, it will wait until a mobile device is connected to the desktop via the Microsoft ActiveSync software. Crossover will then jump to the connected mobile device erase documents on the mobile device?s ?My Documents? folder and copy itself into the mobile devices startup folder. The virus could also hurt the performance of the Windows PC because it re-creates itself each time the PC is started. This can mean a user will end up running so many copies that it bogs down the PC.
Each of these viruses demonstrates an increased interest in creating viruses that target the ever-expanding market of mobile devices. According to the Mobile Antivirus Researchers Association (MARA), more mobile viruses should be expected. More specifically, MARA believes, ?with the growing use of handheld devices this type of virus may become very prevalent in the future. For viruses to be more effective they need to spread across a wider range of devices including wireless devices.” While the mobile viruses discovered thus far appear to have been designed as proof of concepts and do not appear to have the capacity to create wide spread infections, it should not be assumed that the future will not bring about widely distributed mobile viruses. The first desktop computer viruses were typically designed as proof of concepts and not widely distributed. Moreover, many of the original PC viruses were not malicious in nature. However, viruses became both malicious and widely distributed once criminal enterprises realized that there was a profit to be made through the expansive distribution of malicious software. It should, therefore, be expected that once organized crime discovers how to profit from malicious mobile software, widespread infections of mobile devices could ensue.