|Detected|Feb 27 2011 09:31 GMT|
|Released|Feb 27 2011 14:27 GMT|
|Published|May 18 2011 13:39 GMT|
This Trojan infects mobile phones that run Java (J2ME). The MIDlet sends SMS messages to premium rate numbers without the user's authorization. It is a Java class contained in a JAR archive. It is 4856 bytes in size. The size of the JAR archive is 12 792 bytes.
This MIDlet's malicious functionality is implemented in the "b" class file, which contains a script to send SMS messages to certain premium rate numbers. The destination numbers and the message texts are stored in encrypted form in the file:
The MIDlet is installed in the phone under the name:
After launching, the Trojan displays the question:
If the user clicks "NO", the Trojan will stop running. Otherwise, an SMS message will be sent. If the message is successfully sent, this image is displayed:
If unsuccessful, it displays the following message:
During the analysis of the sample, SMS messages were sent to the number:
If your computer does not have antivirus protection and has been infected by this malicious program, follow the instructions below to delete it:
Programs of this type are used to send text messages from infected mobile devices to premium rate numbers that are hard-coded into the Trojan’s body.