Welcome!

Java Authors: Liz McMillan, Walter H. Pinson, III, Maureen O'Gara, Yakov Werde, Tony Bishop

Related Topics: Linux, Java

Linux: Article

Kaspersky Reports First Trojan to Strike Mobile Phones Running Java Applications

RedBrowser Directs SMS to Premium Rate Numbers...
Article Rating:
March 1, 2006 05:30 PM EST
Reads:
 11,805
Kaspersky Lab, one of the world’s leading anti-virus companies, has detected a new piece of mobile malware. Trojan-SMS.J2ME.RedBrowser.a is the first malicious program to infect not only smartphones, but any mobile phone capable of running Java (J2ME) applications.

The Trojan spreads in the guise of a program called RedBrowser, which allegedly enables the user to visit WAP sites without using a WAP connection. According to the Trojan's author, this is made possible by sending and receiving free SMSs. In reality, the Trojan sends SMSs to premium rate numbers. The user is charged $5(£2.86) - $6 (£3.44) per SMS.

The Trojan is a Java application, a JAR format archive. The file may be called "redbrowser.jar", and is 54482 bytes in size. The Trojan can be downloaded to the victim handset either via the Internet (from a WAP site) or via Bluetooth or a personal computer. The archive contains the following files:

. FS.class - auxiliary file (2719 bytes in size)
. FW.class - auxiliary file (2664 bytes in size)
. icon.png - graphics file (3165 bytes in size)
. logo101.png - graphics file (16829 bytes in size)
. logo128.pnh - graphics file (27375 bytes in size)
. M.class - interface file (5339 bytes in size)
. SM.class - Trojan application which sends SMS messages (1945 bytes in size)

The Trojan can be easily removed from the victim handset using standard utilities already installed on the telephone.

So far, Kaspersky Lab has only received one sample of RedBrowser, which targets subscribers of Beeline, MTS, and Megafon, Russia’s major mobile service providers. However, other versions of RedBrowser, or similar programs, may well be circulating on the Internet.

Kaspersky Lab recommends that mobile phone users exercise caution and do not download or launch unknown programs via the Internet.

David Emm, Senior Technology Consultant, Kaspersky Lab, comments: “This latest virus represents a natural progression for virus writers, who are constantly seeking to extend their reach by spreading infections via as many platforms as possible. One thing’s for sure – RedBrowser may be the first of its kind, but it certainly won’t be the last.”

Published March 1, 2006 – Reads 11,805
Copyright © 2006 SYS-CON Media, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.

Comments (1) View Comments

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

Most Recent Comments
jdj news desk 03/01/06 12:30:55 AM EST

Kaspersky Lab, an anti-virus company, has detected a new piece of mobile malware. Trojan-MS.J2ME.RedBrowser.a is the first malicious program to infect not only smartphones, but any mobile phone capable of running Java (J2ME) applications. The Trojan spreads in the guise of a program called RedBrowser, which allegedly enables the user to visit WAP sites without using a WAP connection.