28 February 2006: Kaspersky Labs has discovered a Java Trojan that spreads in the guise of a program called “RedBrowser”. The official name of the Trojan is Trojan-SMS.J2ME.RedBrowser.a, and it claims to allow users who install it to browse WAP-enabled sites without using a WAP connection.
According to the Trojan’s author, this is made possible by sending and receiving free SMS messages that carry the WAP page contents. In actual fact, the Trojan only sends SMS messages to premium-rate numbers. The user is charged $5 – $6 per SMS. At this time the Trojan sends messages only in the Russian language and is therefore limited to Russian-speaking countries.
The Trojan is a Java application packaged as a .jar file that may be called redbrowser.jar and is 54482 bytes in size. For more information on this virus threat you can visit Kaspersky Labs.
According to the alert posted by McAfee, the Trojan’s text sending function doesn’t work in the U.S. “We are currently assuming this is due to the numbers dialed being local to Russia,” the alert read.
Coursen wasn’t able to identify the perpetrators, nor their motivation for creating the Trojan. One possibility, he said, was that they might be connected to the premium numbers. “There’s no evidence of that,” he cautioned, but acknowledged that similar scams have been run in the past by attackers who planted auto-dialers on unsuspecting users’ PCs, then raked in fees when those dialers rang up 900 numbers over a land line.
Most anti-virus vendors, including Kaspersky, have labeled Redbrowser.a as a low-level threat. “There’s no global outbreak going on,” said Coursen.