This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.
Indication of Infection
The trojan arrives in a JAR file named “redbrowser.jar”.
Upon startup, the following text (translated from Russian) is displayed:
"Carefully read following description of RedBrowser program This program allows viewing WAP pages without GPRS connection.
RedBrowser connects to SMS server of your operator (MTS, BEELINE, MEGAFON).
Page is loaded by receiving encoded SMS. First 5Mb (650 SMS) of traffic are provided free of charge in test mode. ATTENTION!!! Program RedBrowser works ONLY on above mentioned cellular operators."
The trojan is currently known to run on the following phones:
- Sony-Ericsson W800i
- Blackberry 8700c
Figure 1 - Logo displayed by Redbrowser.A on startup.
The user will be continually prompted to allow the sending of the SMS messages.
Figure 2 - The user is continually prompted to allow the SMS messages to be sent
Figure 3 - Redbrowser.A claims to download WAP pages via SMS.
SMS sending does not appear to function completely in the United States; we are currently assuming this is because the numbers dialed are local to Russia.
The trojan appears to have been written using the MIDletPascal programming tool.
The malware will not install on the P900 due to its use of a restricted API.
Methods of Infection
This malware requires that the user intentionally install it upon the device.
As always, users should never install unknown or un-trusted software. This is especially true for illegal software, such as cracked applications—they are a favorite vector for malware infection.
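A defender's triage check for the kind of file described above, as an added example that is not part of the original page: it inspects a J2ME JAR for MIDlet manifest attributes and for SMS-sending capability before anyone installs it. The permission names and class-reference markers are standard MIDP 2.0 / Wireless Messaging API names assumed here as indicators, and the sample JAR is constructed.

```python
import io
import zipfile

# Standard MIDP 2.0 / Wireless Messaging API names (assumed indicators, not from the page)
SMS_PERMISSIONS = {"javax.microedition.io.Connector.sms",
                   "javax.wireless.messaging.sms.send"}
CLASS_MARKERS = (b"javax/wireless/messaging/", b"sms://")

def parse_manifest(text):
    """Main-section attributes of a JAR manifest; continuation lines start with a space."""
    attrs, key = {}, None
    for line in text.splitlines():
        if line.startswith(" ") and key:
            attrs[key] += line[1:]
        elif ":" in line:
            key, value = line.split(":", 1)
            key = key.strip().lower()
            attrs[key] = value.strip()
        elif not line.strip() and attrs:
            break  # a blank line ends the main section
    return attrs

def triage_midlet_jar(data):
    """Return MIDlet and SMS-capability findings for a JAR supplied as bytes."""
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        names = jar.namelist()
        raw = jar.read("META-INF/MANIFEST.MF") if "META-INF/MANIFEST.MF" in names else b""
        manifest = parse_manifest(raw.decode("utf-8", "replace"))
        requested = set()
        for attr in ("midlet-permissions", "midlet-permissions-opt"):
            requested |= {p.strip() for p in manifest.get(attr, "").split(",")}
        # Unsigned suites can omit permission attributes and rely on user prompts,
        # so class files are also scanned for messaging API references.
        hits = sorted(n for n in names if n.endswith(".class")
                      and any(m in jar.read(n) for m in CLASS_MARKERS))
    return {"is_midlet": any(k.startswith("midlet-") for k in manifest),
            "declared_sms_permissions": sorted(requested & SMS_PERMISSIONS),
            "classes_with_sms_refs": hits}

def build_sample_jar():
    """Constructed sample: a manifest plus stub 'class' bytes, not a real application."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF",
                     "Manifest-Version: 1.0\nMIDlet-Name: Sample\nMIDlet-1: Sample, , Main\n")
        jar.writestr("Main.class", b"\xca\xfe\xba\xbe..javax/wireless/messaging/MessageConnection..")
        jar.writestr("Util.class", b"\xca\xfe\xba\xbe..java/lang/String..")
    return buf.getvalue()

if __name__ == "__main__":
    print(triage_midlet_jar(build_sample_jar()))
```

A JAR that reports `is_midlet` with any entry in `classes_with_sms_refs` can send SMS once the user accepts the prompts, whatever its description claims.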