| Detection added |
Feb 27 2006 12:13 GMT |
| Description added |
Feb 27 2006 |
| Behavior |
Trojan |
This Trojan infects mobile phones running Java (J2ME).
The Trojan spreads in the guise of a program called "RedBrowser", which allegedly
enables the user to visit WAP sites without using a WAP connection.
According to the Trojan's author, this is made possible by sending and receiving
free SMSs. In actual fact, the Trojan only sends SMSs to premium rate numbers,
at a rate of $5 - $6 per SMS.
The Trojan is a Java application, a JAR format archive. The file may be called
"redbrowser.jar", and is 54482 bytes in size.
The Trojan can be downloaded to the victim handset either via the Internet
(from a WAP site) or via Bluetooth or a personal computer.
The archive contains the following files:
- FS.class - auxiliary file (2719 bytes in size)
- FW.class - auxiliary file (2664 bytes in size)
- icon.png - graphics file (3165 bytes in size)
- logo101.png - graphics file (16829 bytes in size)
- logo128.pnh - graphics file (27375 bytes in size)
- M.class - interface file (5339 bytes in size)
- SM.class - Trojan application which sends SMS messages (1945 bytes in size)
The user is able to de-install the Trojan by using the standard Install/ Delete
application utility on the telephone.
