Trojan-SMS.J2ME.Jifake.d

Detected Nov 05 2009 11:42 GMT
Released Nov 05 2009 19:06 GMT
Published Mar 23 2011 13:04 GMT

Technical Details

This Trojan infects mobile phones that run Java (J2ME). The midlet attempts to send unauthorized SMS messages to premium rate numbers. It is a set of Java class files contained in a JAR archive. The JAR archive is 67 830 bytes in size.


Payload

The malicious JAR archive contains the following files:

  • Meta-inf\Manifest.mf (274 bytes)
  • v (59 bytes)
  • sexy.class (4240 bytes)
  • im.png (3185 bytes)
  • ic.png (482 bytes)
  • c.class (1268 bytes)
  • b.class (1145 bytes)
  • abuse.class (59301 bytes)
  • a.class (1531 bytes)

The midlet is installed in the phone under the name "nazva567nie". Once launched, the Trojan displays the following message on the phone's screen:

The Trojan then sends 5 SMS messages in sequence, each with the text "su***ilm", to the number "1***32". The midlet then stops running. If the user attempts to relaunch the application within 30 minutes, the following message is displayed on the phone's screen:


Removal instructions

If your computer does not have antivirus protection and has been infected by this malicious program, follow the instructions below to delete it:

  1. Delete the original Trojan file.
  2. If this program was installed on a regular phone, users can remove it with standard tools.
  3. If the program was installed on a smartphone, then, besides standard removal tools, users can use Kaspersky Mobile Security with updated antivirus databases (download a trial version) to remove the malicious file.


MD5: 7FB54FC16C077F92FA54B176E6FF7BC7
SHA1: 1EC04CC8B3FF88797BB413D4D132EAF077398958
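An added example, not part of the original description or of any Kaspersky tooling: a Python triage check that compares a JAR against the MD5/SHA1 values and the file inventory listed above. The function names, verdict strings and the zero-filled test archive are constructed for illustration.

```python
import hashlib
import io
import zipfile

# Indicators copied from the description above.
MD5 = "7FB54FC16C077F92FA54B176E6FF7BC7"
SHA1 = "1EC04CC8B3FF88797BB413D4D132EAF077398958"
# Member name (lower-cased, "/" separators) -> size in bytes. The listed sizes
# sum to more than the 67 830-byte archive, so they are assumed to be uncompressed.
INVENTORY = {
    "meta-inf/manifest.mf": 274, "v": 59, "sexy.class": 4240,
    "im.png": 3185, "ic.png": 482, "c.class": 1268,
    "b.class": 1145, "abuse.class": 59301, "a.class": 1531,
}

def triage(jar_bytes):
    """Compare a JAR against the published hashes and file inventory."""
    result = {"matched": [], "missing": [], "extra": [], "verdict": "no match"}
    result["hash_match"] = (
        hashlib.md5(jar_bytes).hexdigest().upper() == MD5
        and hashlib.sha1(jar_bytes).hexdigest().upper() == SHA1)
    try:
        with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
            members = {i.filename.replace("\\", "/").lower(): i.file_size
                       for i in jar.infolist() if not i.is_dir()}
    except zipfile.BadZipFile:
        result["error"] = "not a valid ZIP/JAR"
        return result
    for name, size in INVENTORY.items():
        key = "matched" if members.get(name) == size else "missing"
        result[key].append(name)
    result["extra"] = sorted(set(members) - set(INVENTORY))
    # A hash hit is conclusive; a full inventory hit on a different hash
    # may be a repacked copy and is flagged for manual review.
    if result["hash_match"]:
        result["verdict"] = "known sample"
    elif not result["missing"]:
        result["verdict"] = "inventory match, review"
    return result

def build_jar(files):
    """Constructed test input: a JAR with the given names, zero-filled bodies."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as jar:
        for name, size in files.items():
            jar.writestr(name, b"\0" * size)
    return buf.getvalue()

if __name__ == "__main__":
    print(triage(build_jar(INVENTORY))["verdict"])
```

The `extra` list shows members that are not in the published inventory, which helps when a variant adds or renames files.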


Trojan-SMS

Programs of this type are used to send text messages from infected mobile devices to premium rate numbers that are hard-coded into the Trojan’s body.


Aliases

Trojan-SMS.J2ME.Jifake.d (Kaspersky Lab) is also known as:

  • Error getting //bb-unload7/UFILES2/2011_5_8/146217286 (Sophos)
  • Trojan:Java/Smakifjams.A (MS(OneCare))
  • Java.SMSSend.131 (DrWeb)
  • J2ME/TrojanSMS.Jifake.NAI trojan (Nod32)
  • processing error (VirusBuster)
  • Other:Malware-gen (AVAST)
  • Trojan-SMS (Ikarus)
  • NseCheckFile2() returned 0x00010018 (Norman)
  • processing error (VirusBusterBeta)