Here we go again, McAfee has released a white paper (PDF link) telling the world that, yes Virginia, you can write malware for Windows Mobile. This seems to happen every few months when this anti-virus company or that doesn't feel it's getting enough attention. Of particular note to McAfee researchers is Windows Mobile's SMS API (which enables cool software like Mobile Secretary's SMS auto-reply and forward), which they say could allow ne'er do wells to grab your personal info via text.
Anyhow, before you run for the hills, note that an exploit hasn't been released.
While mobile malware attacks have been scarce thus far, and some experts -- including F-Secure wireless security guru Mikko Hypponen -- have predicted that such threats will likely never rival widespread nature of today's desktop viruses, McAfee maintains that as smartphones takeoff more exploit code will be written to target the machines.