Pages

13 October 2011

Trojan:Java/SMSer.T

Aliases :

There are no other names known for Trojan:Java/SMSer.T.

Explanation :

Trojan:Java/SMSer.T is a trojan that affects mobile devices with Java Platform, Micro Edition supported using the application name 'CanvasFormMIDlet MIDlet Suite'.


Top

Trojan:Java/SMSer.T is a trojan that affects mobile devices with Java Platform, Micro Edition supported using the application name 'CanvasFormMIDlet MIDlet Suite'.

Trojan:Java/SMSer.T arrives as .JAR file installer named 'photo.jar'.

Once installed, it will display the following text in Russian:

"�Ÿо�‡�‚и го�‚ово..."

"С��‹лка на ди��‚�€иб�ƒ�‚ив п�€иложени� п�€иде�‚ в о�‚ве�‚ном SMS в �‚е�‡ение 5 мин�ƒ�‚. �Ÿе�€ейди�‚е по пол�ƒ�‡енной ���‹лке и �ка�‡ай�‚е п�€иложение."

Which translates to:

"Almost ready... "

"a reference to the application distribution package will come [via] SMS within 5 minutes. Click on the link provided and download the application."

If the user clicks on the link, the trojan will appear to download a package, when in fact this is executing the trojan's payload and initiates the sending of SMS's to a premium number.

When it runs in the background, it sends SMS messages without the user's consent. The SMS it sends to the Russian premium SMS short code number 3602 contains the string "503448915" which may charge the user without their knowledge.



Analysis by Marianne Mallen

0 comments: