Hmm… US-CERT has an advisory about a Windows CE Trojan. Here’s the list of things it is said to do on a Windows CE device:
- spreads via seemingly legitimate application installation files
- installs as an autorun program on the memory card
- installs itself to the device when an infected memory card is inserted
- protects itself from deletion by copying itself back to disk
- replaces the browser’s homepage
- allows unsigned applications to install without warning
The US-CERT alert does not name it. However, BetaNews says it is called WinCE/InfoJack Trojan and provides its history.