JAVA_SMSSEND.AB
Trojan.Java.Smssend.X (FSecure), Java/SMSer.L (Authentium)
Java mobile
Threat Type: Trojan
Destructiveness: No
Encrypted: Yes
In the wild: Yes
OVERVIEW
Downloaded from the Internet
This Trojan poses as an installer of Skype for the Android platform.
It abuses premium service numbers.
TECHNICAL DETAILS
30,073 bytes
JAR
30 Jun 2012
Arrival Details
This Trojan may be unknowingly downloaded by a user while visiting the following malicious websites:
- http://{BLOCKED}roidl.ru/
- http://{BLOCKED}mobile.net/midlets/12848_{random number}/skype52_installer.jar
NOTES:
This Trojan is a Java MIDlet that poses as an installer of Skype for the Android platform.
Upon execution, it displays the following user interface:
Pressing the left soft key of the mobile phone displays the following:
Pressing the right soft key redirects the phone's browser to the URL http://{BLOCKED}1.net/?u=1l4zi3m938o80vl.
It may send an SMS message to any of the following numbers, which in turn charges affected users according to the respective number's rate:
- 1
- 1151
- 1161
- 2855
- 5373
- 5537
- 7099
- 7151
- 7204
- 7250
- 8887
- 8926
- 9151
- 9685
The SMS message it sends contains the following text:
e@1b07961, e@f1036f, e@1187f5b
SOLUTION
9.200
9.224.06
30 Jun 2012
9.225.00
30 Jun 2012
Scan your computer with your Trend Micro product to delete files detected as JAVA_SMSSEND.AB. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.
NOTES:
To delete the malware in your mobile device manually, select the malware file and delete it according to the device's specifications.
Did this description help? Tell us how we did.