|Detected||Nov 05 2009 11:42 GMT|
|Released||Nov 05 2009 19:06 GMT|
|Published||Mar 23 2011 13:04 GMT|
This Trojan infects mobile phones that run Java (J2ME). This midlet attempts to send unauthorized SMS messages to premium rate numbers. It is a set of Java class files, which are contained in JAR archive. The JAR archive is 67 830 bytes in size.
The malicious JAR archive contains the following files:
Meta-inf\Manifest.mf (274 bytes) v (59 áàéò) sexy.class (4240 bytes) im.png (3185 bytes) ic.png (482 bytes) c.class (1268 bytes) b.class (1145 bytes) abuse.class (59301 bytes) a.class (1531 bytes)The midlet is installed in the phone under the name "nazva567nie". Once launched, the Trojan displays the following message on the phone's screen:
The Trojan then in sequential order sends 5 SMS messages with the text "su***ilm" to the number "1***32". The midlet then ceases running. If within 30 minutes the user attempts to relaunch the application, the following message will be displayed on the phone's screen:
If your computer does not have antivirus protection and has been infected by this malicious program, follow the instructions below to delete it:
MD5: 7FB54FC16C077F92FA54B176E6FF7BC7 SHA1: 1EC04CC8B3FF88797BB413D4D132EAF077398958
Programs of this type are used to send text messages from infected mobile devices to premium rate numbers that are hard code into the Trojan’s body.