Visible Symptoms
- None - this malware is installed on a mobile device intentionally by an
unsuspecting user who intends to use it as a "WAP browser".
Detailed Analysis
This malware is a malicious midlet (a Java application for embedded devices). It sends SMS messages to specific phone numbers.
Technical Details
This threat began as a proof-of-concept virus designed for J2ME platform systems.
It uses Java and Wireless Messaging API (WMA) code (javax.wireless.messaging.sms.send)
in order to perform its actions. With WMA, you can send brief text or binary
messages by means of a wireless connection to one or to multiple mobile devices.
The WMA supports Short Message Service (SMS) and Cell Broadcast Service (CBS)
messaging. Sun Microsystems freely distributes a J2ME Wireless Toolkit that
supports WMA. Many cell phones run Mobile Java, or Mobile-J, and they are also
Symbian based.
This malware does not have any distribution mechanism other than to send an
SMS message to a specific phone number.
The initial version pretends to be a WAP browser and displays text in Russian.
Since then, there have been several other minor variants, pretending to provide geographic location
services or card generators. These trojans look different from the initial WAP browser, but behind
the scenes, the function that sends the SMS is the same.
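
Because every variant relies on the same WMA SMS-sending code, a suspect midlet JAR can be triaged statically for that capability. The following Python example is added here and is not part of the original analysis; it assumes the MIDP manifest attributes `MIDlet-Permissions` and `MIDlet-Permissions-Opt` and the WMA interface name `javax.wireless.messaging.MessageConnection`, which the page does not mention, and `build_sample_jar` is a hypothetical helper that produces constructed test data.

```python
import io
import zipfile

SMS_PERMISSION = "javax.wireless.messaging.sms.send"        # permission string named on the page
WMA_CLASS = b"javax/wireless/messaging/MessageConnection"   # assumed: WMA interface as stored in a class constant pool
SMS_SCHEME = b"sms://"                                      # assumed: address scheme of WMA SMS connections

def parse_manifest(text):
    """Parse the main section of a JAR manifest, joining continuation lines."""
    attrs, key = {}, None
    for line in text.splitlines():
        if line == "":
            break                                  # main section ends at the first blank line
        if line.startswith(" ") and key:
            attrs[key] += line[1:]                 # continuation: drop the single leading space
        elif ":" in line:
            key, value = line.split(":", 1)
            attrs[key] = value.lstrip()
    return attrs

def triage_midlet(jar_bytes):
    """Return static findings that suggest a midlet JAR can send SMS through WMA."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = jar.namelist()
        if "META-INF/MANIFEST.MF" in names:
            attrs = parse_manifest(jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace"))
            for field in ("MIDlet-Permissions", "MIDlet-Permissions-Opt"):
                requested = [p.strip() for p in attrs.get(field, "").split(",")]
                if SMS_PERMISSION in requested:
                    findings.append(f"{field} requests {SMS_PERMISSION}")
        for name in names:
            if not name.endswith(".class"):
                continue
            data = jar.read(name)                  # decompressed class bytes
            if WMA_CLASS in data:
                findings.append(f"{name} references WMA MessageConnection")
            if SMS_SCHEME in data:
                findings.append(f"{name} contains an sms:// address")
    return findings

def build_sample_jar(manifest, classes):
    """Build an in-memory JAR from constructed content (test data, not a real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
        for name, body in classes.items():
            jar.writestr(name, body)
    return buf.getvalue()
```

String matching of this kind misses obfuscated or encrypted constants, so an empty result is not a clean verdict.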