Click to View

Earlier this week we reported on the first Pocket PC Trojan capable of making the jump from a desktop to PDA or smartphone, and affecting both. Today, another proof-of-concept virus crossed our radar, one that could have consequences for far more mobile phone users if let loose in the wild.

McAfee has received samples of the J2ME (Java 2 Micro Edition) RedBrowser.A, a mobile threat aimed at feature phones using Java and not just advanced handsets using operating systems like Symbian and Microsoft's Window Mobile platform. This type of malware has the potential to infect hundreds of millions of devices globally.

Smartphones, by contrast, account for tens of millions of today's mobile handsets.

RedBrowser.A is low risk, because it is very specific to the Russian market and a proof-of-concept virus, which means it presumably hasn't left the lab. The motivation behind it is financial.

Here's how it Works:

The malware pretends to be a mobile WAP browser that downloads pages via SMS. When it launches - after download via a WAP site, Bluetooth or PC - and installation users see the following messages (translated from Russian by McAfee) on their phone screens:

Carefully read following description of RedBrowser program This program allows viewing WAP pages without GPRS connection.

RedBrowser connects to SMS server of your operator (MTS, BEELINE, MEGAFON).

Page is loaded by receiving encoded SMS. First 5Mb (650 SMS) of traffic are provided free of charge in test mode. ATTENTION!!! Program RedBrowser works ONLY on above mentioned cellular operators.

Instead of actually letting them browse, however, RedBrowser.A sends SMS messages to premium rate numbers in the background, each one incurring a hefty $5 to $6 charge. Victims aren't aware they've been scammed until their phone bill arrives well after the fact.

We're told users can get rid of a Trojan like RedBrowser.A through the standard delete or uninstall application on the their handset. McAfee recommends using commonsense best practices and never install unknown or un-trusted software, especially illegal appications; where Malware like RedBrowser.A often lay waiting.

McAfee says the Trojan doesn't work correctly in the U.S. Most likely because it dials local Russian numbers. The security experts have successfully run it on the Nokia 6681, Sony-Ericsson W800i, and Blackberry 8700c.