Crossover is a proof of concept trojan horse that demonstrates that handhelds are vulnerable to malware just as our desktops are. Crossover was designed to spread from a PC to a Pocket PC device via ActiveSync. In a nutshell, when executed, the virus will check to see what OS is running. If it is Windows CE or Windows Mobile, it will erase all files in the My Documents directory of the device and copy itself so that it can run again when the device is reset. It the OS is not Windows CE or Windows Mobile, the virus will wait for ActiveSync to copy itself over to the PDA.
Keep in mind that it is just a proof of concept but it does mean that someone has now proven that this is feasible.